{
	"id": "ab68e158-b004-4be7-b188-b98161881258",
	"created_at": "2026-04-06T02:12:38.768319Z",
	"updated_at": "2026-04-10T03:21:54.562252Z",
	"deleted_at": null,
	"sha1_hash": "a50f876840cda253dfb625b27e0bacebe7121ab1",
	"title": "The Nefilim Ransomware Group Has Hit ‘Spirit Airlines’",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2151486,
	"plain_text": "The Nefilim Ransomware Group Has Hit ‘Spirit Airlines’\r\nBy Bill Toulas\r\nPublished: 2021-03-06 · Archived: 2026-04-06 02:03:17 UTC\r\nAmerican ultra-low-cost airline \"Spirit Airlines\" had a ransomware breach by the Nefilim group.\r\nParts of the stolen data are leaked on the dark web, and they contain credit card and transaction\r\ndetails.\r\nThe airline hasn’t acknowledged the security incident yet, and neither have they sent notices of a\r\nbreach.\r\nThe Florida-based low-cost airline \"Spirit Airlines\" has been hit by the Nefilim ransomware group, which is\r\nalready publishing samples of the stolen data on their dark web portal. The first block of the stolen data has a size\r\nof 40GB.\r\nIt contains over 33,000 files, including financial information and various sensitive personal details of customers\r\nwho bought a ticket and flew with Spirit between 2006 and 2021. So, apparently, the stolen data corresponds to\r\nthe last 15 years of the airline’s operational information.\r\nWe have used specialized dark web intelligence tools provided by KELA to check what type of data is being\r\nleaked exactly. Unfortunately, we’ve seen credit card lists and detailed transaction records, email addresses, holder\r\nnames, and partially hidden card numbers.\r\nhttps://www.technadu.com/nefilim-ransomware-group-hit-spirit-airlines/252679/\r\nPage 1 of 8\n\nhttps://www.technadu.com/nefilim-ransomware-group-hit-spirit-airlines/252679/\r\nPage 2 of 8\n\nSource: KELA\r\nOn one of the sets, the crooks are leaking dispute records where one can see dates, credit card details (partial\r\nagain), travel and ticket-related details, and a short description of the dispute. These details are obviously violating\r\nthe privacy of the exposed individuals and open the door to spammers, scammers, phishing actors, and even\r\nextortionists, depending on the case.\r\nSource: Suspectfile.com\r\nFor this reason, one would expect Spirit Airlines to send out notices of a breach immediately. Still, when writing\r\nthis, the low-cost airline hasn’t made any public statements about the leaking data, hasn’t distributed any notices\r\nto its customers, and hasn’t even acknowledged any security incidents. So it wouldn’t be far-fetched to suggest\r\nthat the airline may not have realized the breach yet, so Nefilim actors could still be roaming on its network.\r\nFurther Reading\r\nSITA Announces Data Security Incident Affecting Several Airlines\r\nAlmost All Airlines Are Vulnerable to Email Fraud Attacks\r\nBeware of ‘AlumniLocker’ and ‘Humble,’ Two New Ransomware Strains\r\nIt is very hard not to notice the encryption and system lock-down aspect of a ransomware infection. However, if\r\nNefilim snatched the data from an unprotected database or a backup server that isn’t used for \"live\" operations,\r\nthen the \"Spirit Airlines\" IT team wouldn’t notice it immediately. Also, considering that ultra-low-cost airlines cut\r\nexpenses everywhere they can, especially during these times when the pandemic shattered their business,\r\nmaintaining an active IT team that monitors everything would be improbable.\r\nWe have reached out to the customer service of Spirit Airlines, and we will update this piece as soon as we hear\r\nback from them.\r\nhttps://www.technadu.com/nefilim-ransomware-group-hit-spirit-airlines/252679/\r\nPage 3 of 8\n\nExplore More\r\nMost Popular\r\nhttps://www.technadu.com/nefilim-ransomware-group-hit-spirit-airlines/252679/\r\nPage 4 of 8\n\nhttps://www.technadu.com/nefilim-ransomware-group-hit-spirit-airlines/252679/\r\nPage 5 of 8\n\nhttps://www.technadu.com/nefilim-ransomware-group-hit-spirit-airlines/252679/\r\nPage 6 of 8\n\nhttps://www.technadu.com/nefilim-ransomware-group-hit-spirit-airlines/252679/\r\nPage 7 of 8\n\nSource: https://www.technadu.com/nefilim-ransomware-group-hit-spirit-airlines/252679/\r\nhttps://www.technadu.com/nefilim-ransomware-group-hit-spirit-airlines/252679/\r\nPage 8 of 8",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.technadu.com/nefilim-ransomware-group-hit-spirit-airlines/252679/"
	],
	"report_names": [
		"252679"
	],
	"threat_actors": [],
	"ts_created_at": 1775441558,
	"ts_updated_at": 1775791314,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/a50f876840cda253dfb625b27e0bacebe7121ab1.pdf",
		"text": "https://archive.orkl.eu/a50f876840cda253dfb625b27e0bacebe7121ab1.txt",
		"img": "https://archive.orkl.eu/a50f876840cda253dfb625b27e0bacebe7121ab1.jpg"
	}
}