CoinbaseCartel has claimed Panasonic Avionics Corporation as its latest victim, with the breach discovered on May 22, 2026. This is the same threat actor we previously reported breaching Grafana Labs — and the Panasonic claim marks the group’s 118th documented victim.
Panasonic Avionics Corporation (operating under panasonic.aero) is a major provider of in-flight entertainment and connectivity systems used across commercial aviation. It is a division of Panasonic, distinct from the parent company’s consumer and enterprise electronics operations.
CoinbaseCartel has not publicly disclosed what data was taken from Panasonic Avionics’ systems. The group follows a consistent operational model: access is obtained, data is exfiltrated, and victims are given the choice between payment and publication. There is no ransomware. No encryption. No recovery keys to negotiate around.
A Group That Skips the Malware
CoinbaseCartel’s defining characteristic — and what makes it particularly dangerous from a defensive posture perspective — is its deliberate rejection of ransomware encryption. The group specializes in what it describes as “data acquisition through system access and strategic partnerships,” focusing exclusively on exfiltration.
This matters tactically. The standard enterprise playbook for ransomware defense involves immutable backups, segmentation, and recovery capabilities. A threat actor that never encrypts anything makes immutable backups irrelevant as a defensive control. If CoinbaseCartel gets access to your environment, the question isn’t whether you can recover your systems — it’s whether the data they’ve already copied will be published unless you pay.
The model eliminates the operational complexity of maintaining encryption infrastructure, managing decryption keys, and negotiating with victims over file recovery. The only negotiation is over data publication. That simplicity also makes the group’s leverage more predictable and, in some ways, harder to contest — because the data is already gone before any negotiation begins.
The Aviation Data Exposure
Panasonic Avionics’ position in the aviation supply chain gives the breach particular sensitivity. The company’s systems handle in-flight entertainment content distribution, connectivity management, and operational data for airline partners. A breach of its corporate environment could expose:
- Airline partner contracts and technical integration details
- Employee and customer personally identifiable information
- Proprietary system configurations for in-flight connectivity
- Potentially sensitive operational data from airline customers
Aviation cybersecurity incidents carry heightened regulatory scrutiny. The FAA and international civil aviation authorities treat data security incidents involving aviation supply chain vendors as potential indicators of systemic risk — not just data loss events. Panasonic Avionics has not publicly confirmed or commented on the CoinbaseCartel claim as of the time of writing.
118 Victims in Pattern
CoinbaseCartel’s victim count — 118 organizations — suggests a group operating at consistent scale. The Grafana breach earlier this month exposed the company’s full GitHub codebase, a particularly sensitive category of data for an open-source infrastructure company whose customers rely on code integrity. The Panasonic Avionics breach, in a completely different sector, demonstrates the group’s operational breadth.
Groups operating at this victim volume typically rely on one of two approaches: opportunistic exploitation of widely deployed vulnerabilities, or systematic targeting with tooling that can be applied across multiple sectors. CoinbaseCartel’s “strategic partnerships” language in its self-description hints at the latter — a possible reference to initial access broker relationships, where access to compromised corporate environments is purchased rather than obtained through direct exploitation.
The pattern also suggests a group that has solved the operational scaling problem that limits many threat actors. Running 118 extortion campaigns requires infrastructure, personnel, and processes — a professional operation, not a side project.
What Panasonic Avionics Should Expect
Based on CoinbaseCartel’s pattern with previous victims, the next steps are predictable. The group will establish contact with Panasonic Avionics — if it hasn’t already — and set a payment deadline. If the deadline passes without payment, data will be published on the group’s leak site. There is no intermediate option to negotiate over decryption, because there is no encryption.
Panasonic Avionics’ response will need to include both the standard incident response workstream (access investigation, credential rotation, containment verification) and a parallel legal and communications workstream to manage the extortion timeline and any regulatory notification obligations that apply in aviation.
