News

FBI Issues Warning on ‘Scattered Spider’ Targeting Airlines

The FBI alerted airlines in North America about Scattered Spider cyberattacks in mid-2025. WestJet and Hawaiian Airlines faced breaches without flight impacts. The group exploits social engineering to steal data and deploy ransomware. Ongoing investigations emphasize the need for heightened cybersecurity and rapid incident reporting within the aviation sector.

FBI Issues Warning on ‘Scattered Spider’ Targeting Airlines
Dive Right Into

Key Takeaways

• FBI warned airlines about Scattered Spider cyberattacks targeting US and Canadian carriers in June-July 2025.
• WestJet and Hawaiian Airlines suffered system breaches affecting internal IT, no flight disruptions reported yet.
• Scattered Spider uses social engineering and MFA bypass to steal data, deploy ransomware, and demand ransom.

Federal Warning: Scattered Spider Cyberattacks Threaten North American Airlines

In late June and early July 2025, the FBI issued a high-priority warning to the aviation industry and the traveling public. The alert centers on a cybercriminal group called Scattered Spider, which has sharply increased its attacks on major airlines and their digital systems across North America. The warning follows a series of incidents that have raised concerns about the safety of airline operations, the privacy of passenger data, and the security of the entire aviation ecosystem.

FBI Issues Warning on ‘Scattered Spider’ Targeting Airlines
FBI Issues Warning on ‘Scattered Spider’ Targeting Airlines

Who is at risk? The FBI’s warning applies to all airlines, their employees, contractors, and even travelers who rely on digital airline services. The threat is not limited to one country; both United States 🇺🇸 and Canada 🇨🇦 have seen their airlines targeted, with WestJet Airlines and Hawaiian Airlines among the most recent victims.

What happened? In June 2025, WestJet Airlines in Canada 🇨🇦 and Hawaiian Airlines in the United States 🇺🇸 both reported cybersecurity incidents. These attacks did not disrupt flights, but they did affect internal systems and raised fears about possible data theft. The FBI responded by urging all airlines and related companies to be on “high alert” and to report any suspicious activity immediately.

Why does this matter? Airlines depend on complex digital systems for everything from booking tickets to managing flight operations. A successful cyberattack could cause major delays, expose sensitive passenger data, or even threaten flight safety if critical systems are compromised.

How are these attacks happening? Scattered Spider uses advanced tricks to fool airline employees and IT staff. They pretend to be real workers or contractors, tricking help desks into giving them access to important accounts. Once inside, they steal data, demand ransom, and sometimes shut down systems.

Let’s break down what’s happening, why it matters, and what travelers and the industry should do next.

Timeline of Recent Airline Cyberattacks

The FBI’s warning comes after a series of high-profile incidents in June and July 2025:

  • June 13, 2025: WestJet Airlines reported a cybersecurity breach that affected its internal systems and mobile app. Some users could not access their accounts. The airline quickly started an investigation, brought in outside cybersecurity experts, and notified both customers and authorities. By June 18, WestJet said it had made progress in securing its systems, but the investigation was still ongoing.

  • June 26, 2025: Hawaiian Airlines announced a “cybersecurity event” that hit some of its IT systems. The airline confirmed that flights were not affected. It worked with federal authorities and cybersecurity experts to address the problem.

  • June 27, 2025: The FBI posted a public alert on LinkedIn and X (formerly Twitter), warning the aviation industry to be on “high alert.” The agency encouraged early reporting of suspicious activity to help prevent further attacks.

  • July 1-5, 2025: News outlets and cybersecurity firms confirmed the FBI’s warnings. Experts shared their concerns about the risks and possible impacts for both travelers and the aviation industry.

How Scattered Spider Attacks Airlines

Scattered Spider is not a typical hacker group. It uses a mix of clever tricks and technical skills to break into airline systems. Here’s how they operate:

Social Engineering

  • Impersonation: The group pretends to be real employees or contractors. They call or email IT help desks, using personal details to sound convincing.
  • Credential Theft: Their main goal is to get the usernames and passwords of important staff, like system administrators or top executives.
  • MFA Bypass: Even if accounts are protected by multi-factor authentication (MFA), Scattered Spider tricks help desks into adding new, unauthorized devices to these accounts. This lets them get in without the real user knowing.

Targeting Third Parties

  • Expanding the Attack: Scattered Spider doesn’t just attack airlines directly. They also go after third-party IT providers, vendors, and contractors. This makes the entire airline ecosystem vulnerable.

Ransomware and Data Extortion

  • Stealing Data: Once inside, the attackers steal sensitive data, such as customer information or business secrets.
  • Ransom Demands: They often use ransomware to lock up systems and demand payment to unlock them. They may also threaten to release stolen data unless they are paid.

Rapid Escalation

  • Quick Action: Experts say Scattered Spider can move very fast. Sometimes, they break in, set up their access, and launch ransomware attacks within just a few hours.

Impact on Airlines and Travelers

Operational Disruption

So far, the attacks on WestJet Airlines and Hawaiian Airlines have not caused flight delays or cancellations. However, experts warn that future attacks could be much worse. If hackers gain control of critical systems, they could cause widespread delays, data theft, or even threaten flight safety.

Data Privacy

As of July 5, 2025, neither WestJet Airlines nor Hawaiian Airlines has confirmed whether customer data was stolen. Investigations are still ongoing. However, the risk remains, and more victims may be identified as the situation develops.

Industry-Wide Threat

The FBI and cybersecurity experts stress that everyone in the airline industry is at risk—not just the airlines themselves, but also their vendors and contractors. The Federal Aviation Administration (FAA) is monitoring the situation and staying in contact with affected airlines.

Expert Perspectives: Why Airlines Are Vulnerable

Cybersecurity Experts

Kelly Siegel from National Technology Management and Sam Rubin from Palo Alto Networks Unit 42 point out that airlines are especially vulnerable because they rely on many connected digital systems. Scattered Spider’s social engineering tactics are very hard to defend against because they target people, not just computers.

Aviation Professionals

Captain Dennis Tajer from the Allied Pilots Association warns that cyberattacks could disrupt the flow of information between aircraft, pilots, and operations centers. This could lead to delays and confusion, even if flights are not directly affected.

Cybersecurity Firms

Google-owned Mandiant and Halcyon, two leading cybersecurity firms, say that Scattered Spider uses a “hybrid threat model.” This means they blend social engineering (tricking people) with technical hacking skills. The group is loosely organized, making it hard for law enforcement to shut them down.

FBI Recommendations for the Aviation Sector

The FBI has issued several key recommendations to help airlines and related companies protect themselves:

  • Be alert for suspicious MFA reset requests and social engineering attempts.
  • Report incidents immediately to the local FBI office. Quick reporting helps law enforcement respond and share information with others.
  • Review and strengthen IT help desk protocols, especially for managing MFA devices and resetting credentials.
  • Engage third-party cybersecurity experts for forensic analysis and to help fix any problems if an incident is suspected.

For official guidance and updates, organizations can visit the FBI’s Cyber Crime page.

Ongoing Investigations and Industry Response

Both WestJet Airlines and Hawaiian Airlines are working closely with law enforcement and regulatory authorities. They have promised to keep customers and the public updated as more information becomes available. The FAA is also involved, making sure that flight safety is not compromised.

Airlines for America, which represents major U.S. carriers, has not commented publicly. However, industry insiders say that airlines are reviewing their cybersecurity protocols and working with experts to strengthen their defenses.

Background: Who is Scattered Spider?

Scattered Spider, also known as UNC3944, has been active since at least 2021. The group is linked to several high-profile cyberattacks, including those on MGM Resorts International and Caesars in 2023, as well as major UK retailers in April 2025.

Scattered Spider is part of a larger cybercriminal network called “the Com” or “Comm,” which includes other groups like LAPSUS$. U.S. security agencies have been tracking Scattered Spider’s activities, noting that the group is using more ransomware (such as BlackCat/ALPHV) and focusing on critical infrastructure sectors, including airlines.

What’s Next? Future Outlook for Airlines and Travelers

Escalating Threat

Experts believe that attacks by Scattered Spider and similar groups will continue—and may become even more severe. The aviation industry’s heavy reliance on digital systems makes it a tempting target.

Industry Response

Airlines are expected to work more closely with cybersecurity firms and federal agencies. There will likely be more investment in cyber defense and better plans for responding to incidents.

Possible Regulatory Changes

As of July 5, 2025, no new federal rules have been announced. However, if attacks continue, the government may introduce new policies or require airlines to report cyber incidents more quickly.

What Should Travelers Do?

While there have been no direct impacts on flight operations so far, travelers should stay informed and take simple steps to protect themselves:

  • Monitor official airline communications for updates about cybersecurity incidents.
  • Be cautious with personal information. If you receive suspicious emails or messages claiming to be from your airline, do not click on links or provide personal details.
  • Check your airline’s official website for the latest news and advice.

Key Takeaways for the Aviation Industry

  • No direct impact on flights has been reported as of July 5, 2025, but the risk remains.
  • Personal data risk: Investigations are ongoing, and the possibility of customer data being stolen cannot be ruled out.
  • Industry vigilance: Airlines, vendors, and contractors must review their cybersecurity protocols and report any suspicious activity right away.

Summary Table: Recent Airline Cyber Incidents (2025)

Date Airline Incident Type Operational Impact Status (as of July 5, 2025)
June 13 WestJet Airlines Cybersecurity breach No flight impact Investigation ongoing
June 26 Hawaiian Airlines Cybersecurity event No flight impact Investigation ongoing

Practical Guidance for Airlines and Stakeholders

  • Train staff to recognize social engineering: Regular training can help employees spot fake requests and avoid falling for scams.
  • Strengthen help desk security: Make sure help desk staff follow strict rules before resetting passwords or adding MFA devices.
  • Use strong authentication: Require more than just a password to access important systems.
  • Work with cybersecurity experts: Outside experts can help find weaknesses and respond quickly to attacks.
  • Report incidents fast: Quick reporting to the FBI can help stop attacks from spreading.

Official Resources

  • FBI Cyber Crime: FBI Cyber Crime
  • WestJet Airlines: Updates available on the airline’s official website and customer service channels.
  • Hawaiian Airlines: Official updates provided through the airline’s website and customer service.

Conclusion

The FBI’s warning about Scattered Spider is a wake-up call for the entire aviation industry and the millions of travelers who depend on safe, reliable air travel. While recent attacks on WestJet Airlines and Hawaiian Airlines have not disrupted flights, the risk of more serious incidents remains. Airlines, vendors, and contractors must work together to strengthen their defenses, train their staff, and respond quickly to any signs of trouble.

Travelers should stay alert, follow official updates, and take simple steps to protect their personal information. As reported by VisaVerge.com, the aviation sector’s digital transformation brings many benefits, but it also creates new risks that require constant attention and action.

For the latest updates, consult the FBI’s official communications and the affected airlines’ public statements. By staying informed and prepared, both the industry and the public can help reduce the risk of cyberattacks and keep air travel safe for everyone.

Learn Today

Scattered Spider → A cybercriminal group known for sophisticated social engineering and ransomware attacks on airlines and critical networks.
Multi-factor authentication (MFA) → A security method requiring multiple verification steps to access accounts, like passwords plus codes.
Ransomware → Malicious software that locks systems or data, demanding payment for restoration or non-disclosure of stolen data.
Social engineering → Cyberattack technique that manipulates people into revealing confidential information or granting system access.
Cybersecurity breach → An incident where unauthorized access compromises computer systems, data, or network integrity.

This Article in a Nutshell

In mid-2025, Scattered Spider launched cyberattacks against major North American airlines. FBI alerts stress urgent vigilance amid rising digital threats. Airlines must strengthen defenses as social engineering threatens passenger data and flight safety. Collaborative industry efforts and traveler awareness are key to mitigating escalating risks from these sophisticated cyber intrusions.
— By VisaVerge.com

Share This Article
Shashank Singh
ByShashank Singh
Breaking News Reporter
Follow:
As a Breaking News Reporter at VisaVerge.com, Shashank Singh is dedicated to delivering timely and accurate news on the latest developments in immigration and travel. His quick response to emerging stories and ability to present complex information in an understandable format makes him a valuable asset. Shashank's reporting keeps VisaVerge's readers at the forefront of the most current and impactful news in the field.
Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments

Verging Today

Trending Today

You Might Also Like

Rishi Kapoor: Mastermind of M Real Estate Fraud Faces SEC Emergency Relief
News

Rishi Kapoor: Mastermind of $93M Real Estate Fraud Faces SEC Emergency Relief

By Oliver Mercer
Arizona ICE Act Advances, Bringing Local Police Into Immigration Debate
Immigration

Arizona ICE Act Advances, Bringing Local Police Into Immigration Debate

By Oliver Mercer
Aeroméxico Introduces Daily Direct Flights From Mexico City to Punta Cana
News

Aeroméxico Introduces Daily Direct Flights From Mexico City to Punta Cana

By Robert Pyne
Kamala Harris’s Short-Term and Long-Term Immigration Strategies
Immigration

Kamala Harris’s Short-Term and Long-Term Immigration Strategies

By Shashank Singh
Show More