Air Côte d'Ivoire recently confirmed a February 8 cyberattack that compromised its information systems and prompted the activation of emergency business continuity protocols. The INC ransomware gang claimed responsibility for the breach, alleging the theft of 208 GB of data and setting a payment deadline for late February.

The primary airline of Côte d'Ivoire confirmed that a significant breach of its digital infrastructure occurred on February 8, necessitating immediate intervention from technical teams to maintain flight operations. While the company did not initially respond to direct inquiries, it eventually released a statement acknowledging that the incident affected various parts of its information systems. The airline, which operates a fleet of 14 aircraft out of Abidjan, has focused on reassuring the public that its flight schedules remain stable and compliant with international safety standards despite the internal disruption.

Following the intrusion, the INC ransomware group claimed to have exfiltrated 208 GB of sensitive data from the carrier's servers. The hackers issued a public threat, demanding an undisclosed ransom payment by February 24 to prevent the release of the stolen information. This group has a history of high-profile targets, having previously claimed attacks on government entities in Panama, Hungary, and the United States, including a 2025 breach of the Pennsylvania Office of the Attorney General.

In response to the threat, Air Côte d'Ivoire notified several regulatory and security bodies, including France’s National Agency for the Security of Information Systems and the Ivory Coast Telecommunications Regulatory Authority. This coordination is particularly relevant given that Air France holds a partial ownership stake in the West African carrier. The airline is currently working alongside the Côte d'Ivoire Computer Emergency Response Team and various international cybersecurity experts to investigate the full scope of the data exposure.

The company has publicly acknowledged the potential risks this leak poses to its passengers, employees, and service providers. Management stated that they are taking every possible measure to limit the consequences of the breach while working closely with competent legal and security authorities. The focus remains on mitigating the impact on stakeholders and ensuring that the airline's regional and international routes to dozens of African countries, Lebanon, and France continue to operate without further technical interference.

This incident highlights a growing trend of ransomware groups targeting regional airlines to exploit the time-sensitive nature of the aviation industry. Throughout the previous year, several carriers including South African Airways, Qantas, and Iberia faced similar digital threats. Hackers continue to view the potential for travel disruption as a powerful lever to coerce rapid ransom payments from companies that cannot afford prolonged operational downtime.

Source: Air Côte d'Ivoire Confirms Cyberattack After Ransomware Claims