In August 2025, Ireland’s major airport suffered a significant data breach impacting over 3.8 million passengers. The cyberattack targeted aviation technology supplier Collins Aerospace and MUSE check-in software, raising serious concerns over the resilience of Ireland’s critical infrastructure and third-party supply chains.  

 

Dublin Airport’s Operator, the DAA, first learned of the security breach on September 18 and notified supervisory authorities within 24 hours. The Data Protection Commission (DPC) subsequently opened an investigation, while the Irish Aviation Authority addressed aviation safety concerns and operational security implications. 

 

According to the DAA, the data breach compromised various passenger information, including:  

 

  • Passenger booking references  

 

  • First and last names  

 

  • Frequent flyer numbers  

 

  • Contact information (email addresses and phone numbers) 

 

  • Travel itineraries 

 

  • Device identifiers 

 

  • Potentially other booking-related data  

 

Of key concern is the supply chain risk. MUSE functions as a platform for multiple airlines, meaning a single vendor-level compromise can have far-reaching consequences that extend well beyond a single carrier.   

 

This critical breach is far from an isolated incident. Cyberattacks within the aviation sector have reportedly increased by 600% over the last year, highlighting the urgent need for strengthened security measures, vendor risk management and incident preparedness.  

 

Digital innovation without corresponding security safeguards can lead to devastating outcomes for both organisations and data subjects. With both the European Union’s NIS2 Directive and Digital Operational Resilience Act (DORA) coming fully into force in 2025, bringing new requirements for cybersecurity, incident reporting and risk management, organisations must modernise their defences to align with these new frameworks.  

 

Against this backdrop, the importance of having an experienced Data Protection Officer (DPO) has never been clearerA skilled DPO can help bridge the gap between organisational goals, regulatory requirements and evolving technology. Ultimately, steering compliance efforts and strengthening governance, mitigating risks through comprehensive security measures, and ensuring organisations are prepared to respond effectively when incidents occur.   

 

HewardMills is here to help  

 

As a global DPO provider, our expert team supports organisations in building compliant, resilient data protection frameworks that keep pace with innovation and regulatory change.  We work closely with clients to minimise data breach risks and manage critical incidents swiftly and effectively. 

 

If you need support with data protection, cybersecurity governance, or regulatory readiness under NIS2 and DORA, get in touch today.