HQ/EMEAFind out how we can help your business
A threat actor, SkyWave, has leaked the alleged stolen data related to NATO and its affiliates. The breach, discovered through a daily manual routine scan by our iZOOlogic researchers, has raised serious concerns about data security among international defence and government agencies.
As of now, the infiltration method that caused the leaked database remains a mystery as the threat actor did not specify whether the attack resulted from a direct data breach incident or an exploit on a third-party vulnerability.
Moreover, the lack of details about the exact nature of the compromise has resulted in various speculations about potential security weaknesses in NATO’s digital infrastructure.
SkyWave claims that the leaked database is worth 3TB.
The leaked database that SkyWave supposedly leaked contains over three terabytes of classified documents, technical reports, and member/partner details from NATO and various governmental organisations. The breach documents bear different security classification levels, including NATO Restricted, NATO Confidential, and NATO Secret.
Our researchers also observed a list of organisations potentially impacted by the leak. Most of them are global defence entities, such as:
• Ministry of Armed Forces of France
• Ministry of Defence of the Netherlands
• Turkish Government
• UK Government
• United States Navy
• Canadian Armed Forces
• NASA Glenn Research Center
• Ministry of Defence of Spain
• Naval Air Systems Command
• NATO Research and Technology Agency
• Ministry of Defence of Italy
• Department of Defence of Australia
• Ministry of Foreign Affairs of Georgia
• Polish Space Agency
• Ministry of Defence of Latvia
• Science and Technology Agency of Singapore
• Secretary of the Navy in Mexico
Furthermore, the exposed database contains sensitive personal information, including names, nationalities, countries, email addresses, phone numbers, fax numbers, physical addresses, employer details, and job titles.
The compromised data surfaced on DarkForums on February 13, 2025, where SkyWave sold the database for $12,000. There is no indication that the victimised entities have made any ransom payments, nor has NATO officially commented on the breach.
On the other hand, some forum users claim that the same dataset was sold on other darknet platforms, hinting at potential multiple breaches or resale of stolen information.
Despite the severity of the breach, NATO has yet to issue an official response.
