Russian ransomware hackers allegedly hit Tulsa airport in cyberattack, dump private files online as proof

• Qilin ransomware gang claims breach of Tulsa International Airport data
• Leaked samples include executive emails, IDs, financial and governance documents
• Group is major RaaS threat, breaching 1,000+ organizations in 2025, 50+ in January 2026

Russian ransomware operators Qilin have claimed to have broken into the Tulsa International Airport and stolen an unspecified amount of sensitive company data.

A report from Cybernews says the group recently added the airport to their data leak site, and included 18 samples as proof of their claims.

The researchers analyzed the samples, finding it included C-suite emails, as well as email correspondence between executives and “high-level banking officials” outside the airport. The data also apparently includes copies of employee IDs, driver’s licenses, and passports, but also annual budget and revenue spreadsheets, confidentiality and non-disclosure agreements, telehealth reports, governance meeting minutes, insurance documents, banking communications, tenant databases, vendor revenue sheets, and court case documents ...