Attackers pwn charter airline helping Trump’s deportation campaign – Source: go.theregister.com

GlobalX, a charter airline used for deportations by the US government, has admitted someone broke into its network infrastructure.

“On May 5, 2025, Global Crossing Airlines Group learned of unauthorized activity within its computer networks and systems supporting portions of its business applications, which the company determined to be the result of a cybersecurity incident,” an SEC filing from May 9 reads.

“Upon learning of this activity, the company immediately activated its incident response protocols and third-party cybersecurity experts to assist with containment and mitigation activities and to investigate the nature and scope of the incident, and took actions to contain and isolate the affected servers and prevent further intrusion.”

GlobalX is one of the small airlines contracted by Immigration and Customs Enforcement (ICE) to carry out the President’s mass deportation campaign of “illegal aliens.”

The nature of the incident is not yet known, but the popular blueprint for cybercriminals who gain access to a company is to exfiltrate data and use it as leverage to extort.

GlobalX said it had informed law enforcement agencies and is working to understand the full extent of the attack, but has not announced the news via public channels.

“Given the recency of the incident, our investigation and response are ongoing, and the full scope, nature, and potential ultimate impact on the company are not yet known,” GlobalX’x filing went on to say.

“The company currently believes that none of its operations have been disrupted or negatively impacted by this incident.”

The disclosure, however vague, lends credence to reports that those responsible had stolen flight records and passenger manifests, including ones related to deportation flights, dating back to January.

The alleged perpetrators pitched the news to various outlets, and while the word of a cybercriminal should not be taken as gospel, the timing of the disclosure and its ambiguous wording suggest there is at least some truth to the story.

• Britain’s cyber agents and industry clash over how to tackle shoddy software
• Unending ransomware attacks are a symptom, not the sickness
• You think ransomware is bad now? Wait until it infects CPUs
• Feds disrupt proxy-for-hire botnet, indict four alleged net miscreants

GlobalX was quickly identified as one of the main small airlines whose services were called upon by ICE within days of Trump taking office for the second time, although the company doesn’t openly advertise this.

Bloomberg reported that some of the earliest flights it was tasked with making from the US to South American countries such as Brazil, Colombia, Guatemala, and Honduras were mired in technical difficulties.

The airline, which operates a fleet of 19 Airbus planes (A320, A321, and A321F), reportedly tackled various issues ranging from aborted landings, broken air conditioning leading to deportees fainting from high temperatures, to not being able to start engines for hours.

According to its investor presentation [PDF], GlobalX is the fastest-growing charter airline in America, but up-to-date filings show it has yet to turn a profit since being founded in 2018.

Its most recent Form 10-K states that it maintains robust cybersecurity controls through risk assessments, system monitoring, information security policies, and employee awareness and training.

The Register contacted the company for additional information. ®