Information notice regarding a security incident

On 24–25 November 2025 AirHelp Germany GmbH (“AirHelp”) was indirectly affected by the global Shai-Hulud supply-chain malware attack.

AirHelp has no evidence that any exposed data was accessed or misused. The incident lasted approximately 24 hours and was immediately contained.

What happened

As a result of the global Shai-Hulud supply-chain malware attack, GitHub access tokens belonging to one developer and a CI/CD service account were briefly exposed, causing certain repositories to become temporarily accessible.

What data may have been affected

Due to the temporary exposure, it is possible that the following data stored within the codebase could have been accessed:

• Email addresses (customer, partner or employee accounts)

• A limited number of customer names

The final number of affected personal data entries is expected to be low, and we have not identified any additional data categories involved.

Risk assessment

Given the nature of the data (emails and some names), the short exposure window, the lack of any malicious activity, and the current findings of our investigation, we assess that the incident does not constitute a high risk to the rights or freedoms of individuals under Article 34 of the GDPR.

What AirHelp did

Immediately after discovery, AirHelp:

• Revoked and rotated all exposed tokens

• Secured the affected repositories

• Removed any publicly visible content

• Performed security scans, audits, and additional preventive measures

AirHelp has submitted a notification of the incident to the competent supervisory authority, the Berliner Beauftragte für Datenschutz und Informationsfreiheit, in accordance with Article 33 of the GDPR.

Recommended precautions

Although the risk is low, we recommend AirHelp customers stay alert to phishing attempts or unusual emails and review relevant account security settings.

Contact

If you wish to verify whether your data was affected or need additional information, please contact [email protected].