The Namibia Airports Company (NAC) says data stolen in a recent cyberattack has been released on the dark web.
The company confirmed that the leaked material includes airport permit system files, parking management databases, engineering and project documents, financial records and internal reports.
NAC said it is still verifying whether sensitive or personal information has been compromised.
“Immediate containment measures were implemented following the incident, and additional safeguards have been deployed,” the company said.
Airport operations, safety and security have not been affected.
The breach has been linked to the INC ransomware group, according to Namibia’s Cyber Security Incident Response Team (NAM-CSIRT).
The group claims it exfiltrated about 500GB of data after gaining unauthorised access to NAC’s systems. It first disclosed the attack on 19 March 2026 and indicated plans to publish the data.
Authorities had earlier said no data had been released. NAC has now confirmed that part of the dataset is online.
The INC group is known for “double extortion” attacks, where data is stolen and victims are pressured into paying to prevent publication.
This is the second known attack by the group in Namibia, following a breach at Otjiwarongo Municipality.
NAM-CSIRT has urged organisations to tighten cybersecurity controls, including system updates, multi-factor authentication and employee awareness.
Investigations into the NAC breach are ongoing as authorities assess the full impact.
