Hawaiian Airlines suffers cyberattack in campaign targeting aviation sector

Posted date 07/08/2025

On June 26, 2025, Hawaiian Airlines reported that it had suffered a cybersecurity incident, coinciding with several warnings issued by the FBI and cybersecurity companies Mandiant and Palo Alto Networks about attacks by the US cybercriminal group Scattered Spider against the aviation sector.

The FBI warned that this group has expanded its attacks to several airlines, using social engineering techniques to access systems, either by attacking the airlines themselves or through their trusted suppliers and contractors. In the statement, the FBI indicated that companies should report any suspicious activity immediately to prevent further damage.

Mandiant also said that its investigations have detected multiple similar incidents in the sector and recommended implementing protective measures such as robust identity verification and phishing-resistant multi-factor authentication.

Hawaiian Airlines, a subsidiary of Alaska Air Group, told the US Securities and Exchange Commission (SEC) that it is working with authorities and experts to investigate and mitigate the incident, ensuring that its flights continue to operate normally. So far, the airline has not released any further information determining the scope of the incident.