Data leak
Pegasus Airlines AWS S3 Bucket Exposure: 6.5TB Flight Records, Source Code, Crew Data
Incident Details
In early 2022, SafetyDetectives researchers discovered a publicly accessible Amazon S3 bucket belonging to Pegasus Airlines, a major Turkish airline with approximately 74 million passengers per year. The bucket held approximately 6.5 terabytes of data in approximately 23 million files. The exposed data included Electronic Flight Bag (EFB) software source code, flight logs, navigation charts, insurance documents, crew personal information (names, addresses, passport numbers, employment details), and numerous operational files.

The exposure was particularly sensitive because it included crew members' personal identification documents (passports) and operational aviation data that could potentially be used to understand flight operations. SafetyDetectives responsibly disclosed the findings to Pegasus Airlines, which was identified as the owner from the S3 bucket naming convention. Pegasus secured the bucket after notification.

This exposure occurred while Pegasus Airlines was already dealing with a separate data breach from a 2020 incident. The case demonstrated the persistent risk of misconfigured cloud storage at major transportation companies handling highly sensitive operational data. Aviation data exposures carry particular regulatory weight under IATA and ICAO data security standards.
Technical Details
- Initial Attack Vector: A misconfigured, publicly accessible Amazon S3 bucket containing Pegasus Airlines' Electronic Flight Bag (EFB) software (airline operational data systems) was discovered by SafetyDetectives researchers; the bucket required no authentication to access.
- Vendor / Product: Pegasus Airlines AWS S3 bucket (Electronic Flight Bag / EFB data)
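As an added example (not part of the original report), the Python check below audits a bucket's configuration for the condition described above: access that requires no authentication. The report does not say whether the exposure came from an ACL or a bucket policy, so the check covers both; the function name, bucket name and sample configuration are constructed for illustration, with input shapes following the S3 API's JSON for ACL grants, bucket policy and Public Access Block settings.

```python
import json

# ACL grantee groups that mean "anyone" or "any AWS account holder".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_wildcard(principal):
    # Principal "*" or {"AWS": "*"} matches every caller, signed or not.
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return principal == "*"

def anonymous_access_findings(policy_json, acl_grants, block_cfg=None):
    """List the grants that open a bucket to the public.

    Simplification (assumption of this example): a statement with any
    Condition is skipped and left for manual review.
    """
    block_cfg = block_cfg or {}
    findings = []
    if not block_cfg.get("IgnorePublicAcls"):  # True makes S3 ignore public ACLs
        for grant in acl_grants:
            uri = grant.get("Grantee", {}).get("URI")
            if uri in PUBLIC_GROUPS:
                findings.append(("acl", grant["Permission"], uri.rsplit("/", 1)[-1]))
    if policy_json and not block_cfg.get("RestrictPublicBuckets"):
        for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
            if (stmt.get("Effect") == "Allow" and not stmt.get("Condition")
                    and _is_wildcard(stmt.get("Principal"))):
                findings.append(("policy", stmt.get("Sid", ""), _as_list(stmt.get("Action", []))))
    return findings

# Constructed sample configuration; bucket name and Sid are placeholders.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]}]})
SAMPLE_ACL = [{"Grantee": {"Type": "Group",
               "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
               "Permission": "READ"}]
LOCKED_DOWN = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
               "BlockPublicPolicy": True, "RestrictPublicBuckets": True}

if __name__ == "__main__":
    print(anonymous_access_findings(SAMPLE_POLICY, SAMPLE_ACL))
    print(anonymous_access_findings(SAMPLE_POLICY, SAMPLE_ACL, LOCKED_DOWN))
```

With all four Public Access Block settings enabled, the same ACL and policy produce no findings, which is why enabling them at the account level is the usual guard against this class of exposure.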
Timeline
- 2022-01-01 Breach occurred
- 2022-03-30 Publicly disclosed