Cyberattacks against airlines

In recent months, there have been several cyberattacks against airlines that have affected their operations and caused economic losses

Every day, thousands of planes carry millions of people across the sky. Air transport is essential for business and professional travel, as well as for personal and family trips. Heavy air traffic intensifies even further during the summer months when millions of people go on vacation. That is why cyberattacks against airlines can cause greater damage during this time of year. And cybercriminals are well aware of this.

1. A summer marked by cyberattacks against airlines

In fact, in recent weeks, several cyberattacks against airlines have been made public, affecting issues as important as the operation of some applications and the protection of their customers’ data.

For example, in early July 2025, Australian airline Qantas announced that a cyberattack on a third-party platform used by one of its contact centers had resulted in the theft of personal data from 5.7 million passengers.

A few days earlier, WestJet, Canada’s second-largest airline, reported a security incident that had impacted access to its software and services and caused disruptions and errors on its website and mobile app. It was later announced that this attack had also resulted in the theft of personal and travel information from passengers.

Even more serious was the incident suffered at the end of July 2025 by the Russian airline Aeroflot. The company had to cancel dozens of flights over two days and accumulated delays for those flights that were able to take off. Two groups of Ukrainian and Belarusian hacktivists claim to have deleted 7,000 of the company’s servers and accessed critical information such as flight history. However, for now, the Russian Ministry of Transport has only referred to the company suffering “a failure in its IT infrastructure.”

Below, we analyze the key aspects of cyberattacks against airlines and examine what airlines can do to protect their digital assets and information from cybercriminals.

2. A technologically advanced sector where continuous efforts are made to ensure flight safety

Since the Spirit of St. Louis flew across the Atlantic Ocean to connect New York and Paris, the air transport sector has been a benchmark for technological innovation. Year after year, aircraft and flight operations are refined to meet the highest safety standards. It is not for nothing that airplanes are the safest means of transport in the world.

In the digital age, aircraft safety obviously depends on ensuring that their systems cannot be affected by security incidents. This is especially true in today’s turbulent and hostile geopolitical context, with armed conflicts in Eastern Europe and the Middle East.

For this reason, companies in the aviation sector invest a great deal of resources in combating cyber threats related to flight safety.

For example, in 2024, it was reported that thousands of flights to and from Europe had suffered possible Russian interference in the Baltic Sea, causing problems with GPS, a key technology in air navigation. Although flight safety was not affected, these incidents highlight the importance of airlines placing cybersecurity at the heart of their strategies.

3. Finding a weakness in the supply chain and deceiving airline professionals. This is how cyberattacks against airlines occur

Along with the cyberattacks against airlines mentioned at the beginning of this article, we should mention other recent incidents that show that the sector is being targeted by leading criminal groups such as Scattered Spider.

For example, a few weeks ago, Hawaiian Airlines suffered an incident similar to that of Qantas and WestJet, which caused some of the airline’s computer systems to be taken offline while responding to the attack.

What do the cyberattacks against airlines in the last two months reveal?

1. Airlines need to strengthen their supply chain to prevent incidents suffered by some of their many suppliers from leading to costly cyberattacks against airlines.
2. Criminal groups such as Scattered Spider have targeted the aviation sector. They are capable of designing and implementing sophisticated social engineering attacks to deceive airline professionals or their trusted suppliers, bypass prevention measures such as multi-factor authentication, and sneak into airline systems to deploy malware and steal information.

In fact, following the campaigns launched by Scattered Spider, the FBI has warned that “anyone within the airline ecosystem, including trusted suppliers and contractors, could be at risk” of falling victim to a social engineering attack that would allow criminals to infiltrate organizations’ systems and launch cyberattacks against airlines.

4. Traveler data, a key target for hostile actors

In recent cyberattacks against airlines, criminals have not been able to obtain critical information such as industrial and intellectual property, company financial data, or financial data on passengers and staff.

However, they have been able to access personal data such as names, email and home addresses, phone numbers, dates of birth, and even such specific details as in-flight meal preferences.

What are malicious actors looking for when they steal this information and encrypt it using ransomware?

1. To extort money from airlines by demanding a ransom. For example, Qantas went public that it was being extorted after the incident it suffered.
2. Use all the information gathered to launch massive fraud campaigns against travelers or to sell it on the Dark Web so that other criminals can take advantage of it.

Why are malicious actors choosing to launch cyberattacks against airlines in recent months?

1. Some experts point out that aviation-related software providers and other suppliers have security strategies that are not robust enough to combat data breaches.
2. As we pointed out at the beginning, this is the most critical time of year for airlines, so it makes sense that criminal groups would consider them an attractive target. This is especially true when we consider the large amount of information they handle.

5. What about airports? If they suffer incidents, they can undermine the operations of airlines

Although this article focuses on cyberattacks against airlines, we cannot ignore another key player in air transport: airports.

Security incidents at airports can cause flight cancellations and delays, and force airlines to take basic actions offline, such as passenger check-in or baggage check-in. This is what happened in 2024 after a hostile actor gained access to the computer systems at Seattle-Tacoma Airport in the United States.

More recently, Kuala Lumpur Airport in Malaysia also suffered a security incident that disrupted flight information display systems and check-in counters. The criminals also demanded a ransom of $10 million.
Similar consequences were seen in the fall of 2024 at Monterrey Airport in Mexico, where a ransomware attack against the company that manages it caused disruptions in check-in, baggage screening, and airport parking machines.

6. The consequences of cyberattacks against airlines

As with virtually any successful security incident, the consequences of cyberattacks against airlines are basically threefold:

• Economic. In the middle of the 2024 Christmas season, Japan Airlines suffered a security incident as a result of a distributed denial-of-service (DDoS) attack that caused flight delays and impacted same-day ticket purchases, the airline’s mobile app, and its baggage management system. What are the consequences of these incidents? Direct financial losses from tickets that could not be sold, tickets that must be refunded, and even compensation payments. These losses are more serious if flights have to be canceled, as was the case in the incident involving Aeroflot in July 2025.
• Reputational. Cyberattacks against airlines damage their brand image, especially if their operations are affected and if the incidents result in the theft of passengers’ personal information. The more serious the repercussions of a security incident, the greater the impact on an airline’s reputation.
• Legal. Cyberattacks against airlines in which personal data of passengers or professionals is stolen and exfiltrated may result in financial penalties for data protection if all necessary technical and organizational measures were not taken to safeguard the information. In addition, if the data is used in successful fraud, claims for compensation may also arise.

It is therefore of paramount importance that airlines strengthen their cyber resilience against attacks in an increasingly complex and dangerous threat landscape.

7. An increasingly demanding regulatory framework: NIS2 and Implementing Regulation 2023/203

In fact, this is the objective of the NIS2 Directive, which seeks to strengthen the security strategies of organizations operating in sectors critical to the European economy and society. Air transport is one of these sectors.

Hence, the future Cybersecurity Law, which will transpose the directive into Spanish law, establishes a broad catalog of measures that airlines must implement, including:

• The development of a risk analysis.
• Security incident management.
• Crisis management and recovery after an incident.
• Strengthening supply chain security.
• Vulnerability management.
• The use of cryptography and encryption to protect information.
• The use of multi-factor authentication solutions and the design of access control policies.

7.1. Information security management, an essential issue

Along with the NIS2 Directive, we must take into account Implementing Regulation 2023/203, which comes into force throughout the European Union on February 22, 2026. This regulation establishes a series of obligations for actors in the aviation sector regarding the management of risks related to information security.

Airlines will therefore have to comply with requirements such as:

• Having an information security management system (ISMS) in accordance with the provisions of the implementing regulation.
• Conducting an information security risk assessment and implementing measures to manage those risks.
• Having an internal and external system for reporting any information security incidents.
• Detect and respond to incidents affecting information security, and have a policy for recovery after an incident.
• Appoint or hire those responsible for managing information security.
• Continuously optimize the ISMS.

8. How to strengthen resilience against cyberattacks against airlines

Both the rise of cyberattacks against airlines and the implementation of a more stringent regulatory framework for cybersecurity highlight the critical role that cybersecurity services can play in protecting airlines, their business model, and passengers. What services are we talking about?

• Continuous security audits that combine automated vulnerability scanning with the expertise of cybersecurity experts. These audits should take into account an organization’s entire technology infrastructure and the use of third-party software and devices.
• Vulnerability management services to prioritize the remediation of weaknesses found based on their level of criticality or the likelihood of them being successfully exploited.
• DoS testing to prevent distributed denial-of-service attacks such as the one suffered by Japan Airlines.
• Social engineering testing to train and raise awareness among company professionals and their suppliers about the social engineering techniques used by malicious actors.
• Penetration Testing services to identify and remedy weaknesses that hostile actors can exploit to gain unauthorized access to a company’s systems or steal business or customer information.
• Red Team. Large companies such as airlines can undergo Red Team exercises to test their ability to withstand complex attacks, train the personnel responsible for defending the organization, and optimize their security strategy.
• Proactive incident response services. In cyberattacks against airlines, it is essential to be able to act immediately to limit the scope of the incident, expel malicious actors from corporate systems, safeguard business continuity, and minimize economic, reputational, and legal consequences.

9. In conclusion

Following the latest cyberattacks against airlines, it is clear that malicious actors are targeting the sector.

In addition, cybersecurity requirements for airlines are set to become more stringent in the short term.

It is therefore essential that these companies, which are vital to the economy and society, continue to strengthen their security strategies and have advanced cybersecurity services tailored to their specific needs.