A cybercriminal group called Inc today took credit for hacking Namibia Airports Company in March 2026.
Earlier this month, NAC announced a March 6 cybersecurity incident disrupted its operations.
Inc claimed responsibility for the incident on its data leak site and said it stole nearly 500 GB of data.
NAC has not acknowledged Inc’s claim and Comparitech cannot independently verify it. We do not know what data was compromised, if NAC paid a ransom, how much Inc demanded, or how attackers breached NAC’s network. Comparitech contacted NAC for comment and will update this article if it replies.
“Namibia Airports Company (NAC) confirms that on 6 March 2026, a cybersecurity incident was detected affecting certain IT systems. The incident involved unauthorised access to network infrastructure and administrative accounts,” says NAC’s March 16, 2026 announcement.
“Services were restored and operational disruption has been assessed as limited. At this stage, there is no evidence of data exfiltration, though investigations are ongoing to determine the full scope of the incident.”
Who is Inc?
Inc is a ransomware group that first surfaced in July 2023 and targets a wide range of victims in healthcare, education, and government. Its methods involve spear phishing and exploiting known vulnerabilities in software. Once infected, Inc’s malware both steals data and locks down computer systems until a ransom is paid to unlock them.
Inc has claimed responsibility for 694 ransomware attacks in total. The targeted organizations confirmed 173 of those claims.
Of the confirmed attacks, 24 hit government entities including airports.
This is Inc’s fifth attack on an aviation company. The others are:
- Oceanair (USA)
- Air Europa (Spain)
- South African Airways
- Air Côte d’Ivoire
In 2026 to date, Inc has taken credit for another 114 attacks, 10 of which were confirmed by the targeted organizations.
Ransomware attacks on transportation
Two other government-run transportation hubs have been hit this year so far:
- Nagoya Port Authority in Japan reported a January 2026 cyber attack claimed by LockBit
- Tulsa International Airport in Oklahoma reported a January 2026 cyber attack claimed by Qilin
In 2026 to date, we’ve logged 22 confirmed ransomware attacks on government entities worldwide and four on privately-owned transport companies.
Ransomware attacks on transportation companies can both lock down computer systems and steal data. They can cause transportation delays and transportation, disrupt booking and payments, an cut off customer service. Companies must then pay a ransom or they can face extended downtime, permanent data loss, and putting travelers at increased risk of fraud.
Ransomware attacks in Namibia
Comparitech researchers have logged five confirmed attacks on organizations in Namibia. In addition to NAC, they include:
- The municipality of Otjiwarongo reported a July 2025 data breach claimed by Inc
- Namibia Wildlife Resorts reported a February 2021 ransomware attack
- Telecom Namibia reported a November 2024 data breach claimed by Hunters International
- Paratus Group reported a February 2025 data breach claimed by Akira
About Namibia Airports Company
NAC is the state-owned operator of eight large airports in Namibia and is overseen by the Ministry of Public Works and Transport. The airports it operates include:
- Hosea Kutako International Airport at Windhoek
- Eros Airport in Windhoek
- Walvis Bay Airport in Walvis Bay
- Lüderitz Airport in Lüderitz
- Keetmanshoop Airport in Keetmanshoop
- Ondangwa Airport in Ondangwa
- Rundu Airport in Rundu
- Katima Mulilo Airport in Katima Mulilo
