On February 26–27, 2026, the Qilin ransomware gang listed Malaysia Airlines on its dark web leak site. Unlike its typical practice, the group published no file samples, data cache size estimates, or proof of exfiltration. Malaysia Airlines has not confirmed the breach. The listing is classified as an alleged claim. If confirmed, stolen data may include passenger booking and contact records, personnel files, vendor contracts, and internal communications. Qilin emerged in 2022, is linked to Russia, and became the most active ransomware group of 2025.