Airlines

Cyberattacks Hit Two Major North American Airlines: Impact on Passengers

In June 2025, cyberattacks hit Hawaiian Airlines and WestJet with no flight delays. American Airlines experienced major system outages causing flight disruptions. The FBI identified the hacker group Scattered Spider as responsible. Airlines and regulators are enhancing cybersecurity amid rising digital threats in aviation.

Cyberattacks Hit Two Major North American Airlines: Impact on Passengers
Dive Right Into

Key Takeaways

• Hawaiian Airlines and WestJet suffered cyberattacks in June 2025 but maintained normal flight operations.
• American Airlines faced a major system outage on June 27, delaying 21% and canceling 2% of flights.
• FBI warned the hacking group ‘Scattered Spider’ targets airlines using social engineering and third-party breaches.

In late June 2025, two major North American airlinesHawaiian Airlines and WestJetconfirmed they had suffered serious cyberattacks, shaking passenger confidence and raising urgent questions about the safety of personal data and the reliability of airline services. The attacks, which began with WestJet in mid-June and hit Hawaiian Airlines on June 23, did not disrupt flight operations, but they did expose weaknesses in the digital systems that millions of travelers rely on every day. Just days later, American Airlines experienced a massive system outage on June 27, stranding passengers and fueling speculation about a possible cyber connection. The FBI quickly issued a warning that a notorious hacking group, “Scattered Spider,” was now targeting airlines, signaling a new and dangerous phase for the aviation industry.

This wave of cyber incidents has left passengers, airline staff, and regulators scrambling for answers. What exactly happened, how did airlines respond, and what does this mean for travelers and the future of airline cybersecurity? Here’s a detailed look at the events, the risks, and the steps everyone should take moving forward.

Cyberattacks Hit Two Major North American Airlines: Impact on Passengers
Cyberattacks Hit Two Major North American Airlines: Impact on Passengers

What Happened: Timeline and Key Details

Hawaiian Airlines and WestJet Hit by Cyberattacks

On June 23, 2025, Hawaiian Airlines confirmed a cybersecurity incident affecting some of its IT systems. The airline acted quickly, isolating the affected systems and assuring the public that flight operations and safety were not compromised. According to the airline, “Upon learning of this event, we immediately took steps to safeguard Hawaiian’s operations and systems. Flights are currently operating safely and as scheduled.”

WestJet faced a similar attack about two weeks earlier. The breach impacted customer-facing services, including its mobile app and online booking tools. WestJet reported “significant progress” in resolving the hack and, like Hawaiian Airlines, stated that no flights were delayed or canceled as a result.

American Airlines System Outage Raises Alarm

On June 27, 2025, American Airlines suffered a major system outage, causing chaos at airports across the United States 🇺🇸. At the peak of the disruption, 21% of American Airlines flights were delayed and 2% canceled. PSA Airlines, a regional subsidiary, saw even worse numbers: 27% of flights delayed and 11% canceled. While American Airlines described the event as a “technology issue,” the timing and lack of details led many to suspect a possible cyberattack.

FBI and Federal Response

The FBI responded quickly, issuing an alert on June 28, 2025. The agency warned that the “Scattered Spider” cybercriminal group, known for attacking casinos and large companies, was now focusing on the North American airline sector. The FBI explained that these hackers use “social engineering”—tricking people into giving up passwords—and often target third-party IT providers that airlines depend on.

The Federal Aviation Administration (FAA) confirmed that there was no impact on flight safety for Hawaiian Airlines and said it was monitoring the situation closely. The National Transportation Safety Board (NTSB) began reviewing the American Airlines outage, while the Transportation Security Administration (TSA) and other agencies urged airlines to strengthen their defenses.

How Airlines and Authorities Responded

Immediate Actions by Airlines

Both Hawaiian Airlines and WestJet credited their ability to keep flights running to network segmentation (keeping different parts of their computer systems separate) and business continuity planning (having backup plans ready). These steps prevented the hackers from reaching systems that control flight operations.

  • Hawaiian Airlines: Isolated affected IT systems, kept flights on schedule, and began investigating possible data exposure.
  • WestJet: Restored customer-facing services and reported no operational disruption.

Regulatory and Industry Response

The FAA and NTSB launched investigations into the incidents, especially the American Airlines outage. The FBI and federal cybersecurity agencies coordinated with affected airlines, urging them to harden their defenses and report any suspicious activity.

The TSA already requires airlines to use multi-factor authentication (using more than just a password to log in), monitor their systems for threats, and report incidents quickly. The White House’s National Cybersecurity Strategy suggests even stricter rules are coming soon.

The Bigger Picture: Why Are Airlines Being Targeted?

Growing Threats in Aviation

The aviation industry has seen a sharp rise in cyberattacks:

  • 24% increase in cyberattacks in recent years
  • 55 reported incidents in 2022 alone
  • 71% of attacks involve stealing passwords or gaining unauthorized access
  • 25% are DDoS attacks (where hackers flood websites with traffic to shut them down)

As airlines rely more on digital systems for booking, payments, and customer service, hackers see more opportunities to cause trouble or steal valuable data.

Who Is Scattered Spider?

Scattered Spider” is an English-speaking hacking group known for phishing (tricking people into giving up sensitive information) and ransomware (locking up systems and demanding payment). They have previously attacked casinos like Caesars and MGM, as well as major retailers. Now, according to the FBI, they are expanding their focus to airlines, using similar tactics to break into systems.

What Does This Mean for Passengers?

Immediate Effects

For Hawaiian Airlines and WestJet passengers, there were no immediate safety risks or flight cancellations. Flights continued as normal, thanks to strong security measures. However, there is a risk that personal data—such as driver’s license numbers, payment information, and contact details—may have been exposed.

Passengers on American Airlines faced a much tougher situation. The system outage led to long delays, canceled flights, and stranded travelers. Many had to wait in long lines as staff switched to manual processes.

Ongoing Risks

  • Personal Data Exposure: If hackers accessed customer data, passengers could be at risk of identity theft or fraud.
  • Disrupted Services: Future attacks could affect online bookings, customer service, and loyalty programs.
  • Financial Losses: Delays and cancellations can lead to extra costs for travelers, including missed connections and lost hotel bookings.

What Should Passengers Do Now?

If you traveled with Hawaiian Airlines, WestJet, or American Airlines in June 2025, here are practical steps to protect yourself:

  1. Monitor Airline Communications: Check the official websites and apps for updates about the incident and any data breach notifications.
  2. Protect Your Personal Data: If you receive notice that your data was exposed, change your passwords, monitor your credit report, and consider signing up for identity theft protection.
  3. Rebooking and Compensation: If your flight was delayed or canceled, follow the airline’s instructions for rebooking or requesting compensation.
  4. Contact Customer Service:
    • Hawaiian Airlines: Use the official website or app for updates and support.
    • WestJet: Visit the official website or app for the latest information.
    • American Airlines: Check the official website, airport counters, or customer service for help with rebooking and compensation.

For more information on how to report cybercrime or protect your identity, visit the FBI Internet Crime Complaint Center (IC3).

Industry and Regulatory Implications

For Airlines

The recent attacks have put airlines under increased regulatory scrutiny. Authorities may impose fines or require airlines to upgrade their cybersecurity systems. Airlines also face financial losses from disrupted operations, compensation payouts, and damage to their reputation.

To prevent future incidents, airlines must invest in:

  • Stronger cybersecurity infrastructure
  • Regular staff training to spot phishing attempts
  • Better incident response plans to recover quickly from attacks

For Regulators

The FAA, TSA, and other agencies are reviewing current rules and may introduce stricter cybersecurity mandates. The TSA’s 2023 directives already require airlines to use multi-factor authentication, monitor systems, and report incidents. The White House’s National Cybersecurity Strategy signals that even tougher standards are on the way.

Analysis from VisaVerge.com suggests that these new rules could include faster reporting requirements and heavier penalties for airlines that fail to protect customer data.

Expert Perspectives

Cybersecurity Experts

Experts say that separating IT and operational systems was key to preventing more serious disruptions. However, the attacks revealed that reservation, payment, and customer data systems remain vulnerable. Airlines must keep updating their defenses as hackers become more sophisticated.

Regulatory Analysts

Analysts point out that the aviation sector is behind other critical industries in cybersecurity. New regulations, like the TSA directives and the European Union’s NIS2 rules, are pushing airlines to catch up quickly.

Industry Groups

Industry leaders stress the need for information sharing between airlines, better incident management, and strong emergency planning. The International Civil Aviation Organization (ICAO) has a Cybersecurity Strategy that outlines these best practices.

Background: Cyber Threats in Aviation

The aviation sector’s digital transformation—using more online services, mobile apps, and third-party IT providers—has made it a bigger target for hackers. Geopolitical tensions can also increase the risk, as seen in recent attacks on airlines in other countries.

  • Delta Air Lines narrowly avoided a ransomware attack in 2024.
  • Japan Airlines suffered a cyberattack in December 2024, disrupting operations.

These incidents show that no airline is immune, and the threat is growing.

Looking Ahead: What’s Next for Airline Cybersecurity?

Regulatory Action

Expect stricter, enforceable cybersecurity standards in the United States 🇺🇸 and around the world. Airlines will need to report incidents faster and face heavier penalties if they don’t protect customer data.

Industry Investment

The recent attacks are likely to drive more investment in cybersecurity technologies, staff training, and business continuity planning across the aviation sector.

Persistent Threat

Experts warn that as hackers get smarter, airlines must continuously update their defenses and prepare for more disruptive attacks. This includes protecting both IT systems (like booking and payment) and operational systems (like flight controls).

Summary Table: Recent Airline Cyberattacks (June 2025)

Airline Incident Date Nature of Attack Operational Impact Data Exposure Risk Official Response
Hawaiian Airlines June 23, 2025 IT system breach (Scattered Spider) None Possible Systems secured, flights normal
WestJet Mid-June 2025 IT system breach None Possible Progress in recovery
American Airlines June 27, 2025 System outage (possible cyber link) Major delays/cancellations Unclear FAA/NTSB investigation

Practical Guidance for Passengers

If you’re worried about your data or future travel plans, here’s what you can do:

  • Stay informed: Regularly check your airline’s official website for updates.
  • Be alert for scams: Hackers may use stolen data to send fake emails or texts. Don’t click on suspicious links.
  • Update passwords: Use strong, unique passwords for airline accounts and change them if you suspect a breach.
  • Monitor your accounts: Watch for unusual activity on your credit cards and bank accounts.
  • Know your rights: If your flight is delayed or canceled, you may be entitled to compensation. Check the airline’s policy and ask for help if needed.

For official updates on airline safety and cybersecurity, visit the FAA’s official website.

Conclusion

The cyberattacks on Hawaiian Airlines, WestJet, and the outage at American Airlines mark a turning point for North American aviation. While immediate flight safety was not at risk, the events exposed serious weaknesses in airline IT systems and raised the risk of personal data exposure for millions of passengers. Regulators and airlines are now moving quickly to strengthen defenses, but travelers should remain alert for breach notifications and expect ongoing changes in how airlines handle digital security. As the threat from groups like Scattered Spider grows, the industry must work together to protect both passengers and the systems that keep planes flying safely.

By staying informed and taking simple steps to protect your data, you can help reduce your risk and travel with greater peace of mind.

Learn Today

Cyberattack → An attempt by hackers to damage or gain unauthorized access to computer systems.
System Outage → A period when computer systems or networks become unavailable or inoperable.
Social Engineering → Techniques hackers use to trick people into revealing confidential information.
Multi-factor Authentication → Security method requiring multiple proofs of identity to access systems.
DDoS Attack → A cyberattack flooding a website with traffic to disrupt its services.

This Article in a Nutshell

In June 2025, multiple North American airlines faced cyberattacks, exposing digital vulnerabilities. Hawaiian Airlines, WestJet, and American Airlines responded swiftly, protecting flights despite disruptions. The FBI alerted about the hacker group Scattered Spider, triggering regulatory scrutiny and industry-wide efforts to strengthen aviation cybersecurity for safer travel.
— By VisaVerge.com

Share This Article
Oliver Mercer
ByOliver Mercer
Chief Editor
Follow:
As the Chief Editor at VisaVerge.com, Oliver Mercer is instrumental in steering the website's focus on immigration, visa, and travel news. His role encompasses curating and editing content, guiding a team of writers, and ensuring factual accuracy and relevance in every article. Under Oliver's leadership, VisaVerge.com has become a go-to source for clear, comprehensive, and up-to-date information, helping readers navigate the complexities of global immigration and travel with confidence and ease.
Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments

Verging Today

Trending Today

You Might Also Like

Airlines Challenge Heathrow, Call for Independent Inquiry
Airlines

Airlines Challenge Heathrow, Call for Independent Inquiry

By Jim Grey
Denver International Airport reopens Park on the Plaza for summer 2025
Airlines

Denver International Airport reopens Park on the Plaza for summer 2025

By Oliver Mercer
Donated Vintage Planes Arrive in Elkhart to Train Aviation Students
Airlines

Donated Vintage Planes Arrive in Elkhart to Train Aviation Students

By Robert Pyne
70-year-old legal resident detained at Boston Logan International Airport
Airlines

70-year-old legal resident detained at Boston Logan International Airport

By Jim Grey
Show More