Sunlight Express Airways is the victim in a ransomware claim where a payload was used to encrypt core IT systems supporting ticketing, reservations, and the Sunlight Miles loyalty program. The claim also indicates data exfiltration and extortion, with threats to publicly disclose passenger and operational data unless a ransom is paid. #Philippines
Incident Details
- Victim: Sunlight Express Airways
- Sector: Transportation/Logistics
- Country: Philippines
- Actor: payload
- Source: http://payloadrz5yw227brtbvdqpnlhq3rdcdekdnn3rgucbcdeawq2v6vuyd.onion/posts/b4c9d63d-2827-4bb9-b1b9-edf84f780a74
- Discovered: 2026-04-16 12:25:17.550689
- Published: 2026-04-16 12:24:53.185114
Information
- Offers affordable flights to popular Philippine island destinations such as Cebu, Coron, Boracay, Siquijor, and Siargao.
- Provides private charters, vacation packages, and a loyalty program called Sunlight Miles.
- Targets both leisure and business travelers.
- Aims to enhance the travel experience with exclusive passenger perks and flexible booking options.
- Committed to expanding flight frequencies and routes.
- Facilitates convenient travel across the Philippines.

Disclaimer: This post is based on public claims made by the ransomware group "payload". I cannot confirm the accuracy of the information. However, I would be happy to share any official statement from the affected organization to provide clarification.