Utair Data Breach
Utair Russian Airline Breach (2019): 401K Passenger Records Including Contact Details Exposed
Russian airline providing passenger and cargo air transport.
Risk Interpretation
Exposure enables travel fraud, phishing, booking impersonation, and physical-world targeting. Itinerary data can also reveal movement patterns and likely absence from home.
Impact & Downstream Threats
The institutional impact on Utair from the 2019 incident has been modest. The airline confirmed the underlying data exposure and characterized it as legacy data that had been quickly contained after researcher notification. Utair publicly stated that no payment-card information was compromised because card data is held separately, and that loyalty-program account access remained protected by two-factor authentication. There has been no public record of regulatory penalty, large-scale customer no
- Identity verification bypass using name + date of birth combination
- SIM swap attacks where phone numbers are present
- Targeted phishing campaigns using exposed email addresses
- Doxxing risk from physical address exposure
Threat Vectors
Breach Intelligence
Executive Summary
A data breach affecting Russian airline Utair traces to early 2019, when a MongoDB database operated by the airline's in-house IT division, UTair Digital, was left exposed on the public internet from approximately January 21 to March 21, 2019. The database was identified by Russian leak-intelligence service DLBI, which notified the airline. Utair contained the exposure and characterized it as the result of a server misconfiguration.\n\nThe data initially circulated among threat-actor circles, was offered for sale in August 2019, and was published openly on a hacker forum in August 2020. Have I Been Pwned indexed approximately 401,000 unique email addresses associated with the dataset and added the breach to its public database in late 2025. Original Russian-language reporting put the underlying record count at around 530,000 customer rows. Exposed fields included passenger names in both Cyrillic and Latin characters, email addresses, phone numbers, dates of birth, gender, home addresses, passport numbers, and UTair Status loyalty program details including accumulated miles and tier level.\n\nUtair publicly stated that no payment-card data was compromised and that loyalty accounts remained protected by two-factor authentication. The practical risk to affected passengers is concentrated in identity fraud and travel-related phishing. The combination of passport number, date of birth, and address creates an unusually strong base for international identity-verification bypass. Affected passengers should treat their passport details as exposed, monitor for unusual travel-related contact, and remain alert to phishing referencing past Utair bookings, loyalty status, or accumulated miles.
About Utair
UTair Aviation is a Russian airline based in Surgut, providing passenger and helicopter services across Russia and a smaller set of international destinations. Founded in 1967 and one of Russia's larger carriers by helicopter fleet, the airline operates regional and medium-haul passenger flights alongside extensive helicopter operations supporting the energy sector and emergency services. The carrier maintains a customer loyalty program known as UTair Status and runs its own digital systems through an in-house IT division, UTair Digital. Its passenger base is concentrated in Russia and the Commonwealth of Independent States.
Why They Hold Your Data
Commercial airlines collect passenger identity, contact details, booking records, payment-adjacent information, itinerary data, loyalty accounts, and support interactions across travel operations.
Recent Developments
Utair has continued to operate through the political and economic disruption that followed Russia's 2022 invasion of Ukraine, although Western sanctions have constrained access to international markets, aircraft parts, and certain digital services. Russian aviation more broadly has been the subject of a growing number of cybersecurity incidents linked to pro-Ukrainian hacktivist groups, including a major 2025 attack on flag carrier Aeroflot. Utair has not been publicly tied to a similar large-scale incident in the years since the 2019 leak. The 2019 dataset was added to public breach-tracking databases including Have I Been Pwned in late 2025.
Data Points Exposed
Exposure Categories
Canonical Fields
date_of_birth, email_address, full_name, gender, loyalty_program_details, passport_number, phone_number, physical_address
Dark Web Verification
- Dataset containing ~401K records identified in breach intelligence sources
- Data indexed and searchable across breach notification platforms
- Source: Utair Data Breach
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of Utair
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam