FBI Issues Warning on ‘Scattered Spider’ Targeting Airlines

The FBI alerted airlines in North America about Scattered Spider cyberattacks in mid-2025. WestJet and Hawaiian Airlines faced breaches without flight impacts. The group exploits social engineering to steal data and deploy ransomware. Ongoing investigations emphasize the need for heightened cybersecurity and rapid incident reporting within the aviation sector.

Key Takeaways

• FBI warned airlines about Scattered Spider cyberattacks targeting US and Canadian carriers in June-July 2025.
• WestJet and Hawaiian Airlines suffered system breaches affecting internal IT, no flight disruptions reported yet.
• Scattered Spider uses social engineering and MFA bypass to steal data, deploy ransomware, and demand ransom.

Federal Warning: Scattered Spider Cyberattacks Threaten North American Airlines

In late June and early July 2025, the FBI issued a high-priority warning to the aviation industry and the traveling public. The alert centers on a cybercriminal group called Scattered Spider, which has sharply increased its attacks on major airlines and their digital systems across North America. The warning follows a series of incidents that have raised concerns about the safety of airline operations, the privacy of passenger data, and the security of the entire aviation ecosystem.

FBI Issues Warning on ‘Scattered Spider’ Targeting Airlines
FBI Issues Warning on ‘Scattered Spider’ Targeting Airlines

Who is at risk? The FBI’s warning applies to all airlines, their employees, contractors, and even travelers who rely on digital airline services. The threat is not limited to one country; both United States ?? and Canada ?? have seen their airlines targeted, with WestJet Airlines and Hawaiian Airlines among the most recent victims.

What happened? In June 2025, WestJet Airlines in Canada ?? and Hawaiian Airlines in the United States ?? both reported cybersecurity incidents. These attacks did not disrupt flights, but they did affect internal systems and raised fears about possible data theft. The FBI responded by urging all airlines and related companies to be on “high alert” and to report any suspicious activity immediately.

Why does this matter? Airlines depend on complex digital systems for everything from booking tickets to managing flight operations. A successful cyberattack could cause major delays, expose sensitive passenger data, or even threaten flight safety if critical systems are compromised.

How are these attacks happening? Scattered Spider uses advanced tricks to fool airline employees and IT staff. They pretend to be real workers or contractors, tricking help desks into giving them access to important accounts. Once inside, they steal data, demand ransom, and sometimes shut down systems.

Let’s break down what’s happening, why it matters, and what travelers and the industry should do next.


Timeline of Recent Airline Cyberattacks

The FBI’s warning comes after a series of high-profile incidents in June and July 2025:

  • June 13, 2025: WestJet Airlines reported a cybersecurity breach that affected its internal systems and mobile app. Some users could not access their accounts. The airline quickly started an investigation, brought in outside cybersecurity experts, and notified both customers and authorities. By June 18, WestJet said it had made progress in securing its systems, but the investigation was still ongoing.

  • June 26, 2025: Hawaiian Airlines announced a “cybersecurity event” that hit some of its IT systems. The airline confirmed that flights were not affected. It worked with federal authorities and cybersecurity experts to address the problem.

  • June 27, 2025: The FBI posted a public alert on LinkedIn and X (formerly Twitter), warning the aviation industry to be on “high alert.” The agency encouraged early reporting of suspicious activity to help prevent further attacks.

  • July 1-5, 2025: News outlets and cybersecurity firms confirmed the FBI’s warnings. Experts shared their concerns about the risks and possible impacts for both travelers and the aviation industry.


How Scattered Spider Attacks Airlines

Scattered Spider is not a typical hacker group. It uses a mix of clever tricks and technical skills to break into airline systems. Here’s how they operate:

Social Engineering

  • Impersonation: The group pretends to be real employees or contractors. They call or email IT help desks, using personal details to sound convincing.
  • Credential Theft: Their main goal is to get the usernames and passwords of important staff, like system administrators or top executives.
  • MFA Bypass: Even if accounts are protected by multi-factor authentication (MFA), Scattered Spider tricks help desks into adding new, unauthorized devices to these accounts. This lets them get in without the real user knowing.

Targeting Third Parties

  • Expanding the Attack: Scattered Spider doesn’t just attack airlines directly. They also go after third-party IT providers, vendors, and contractors. This makes the entire airline ecosystem vulnerable.

Ransomware and Data Extortion

  • Stealing Data: Once inside, the attackers steal sensitive data, such as customer information or business secrets.
  • Ransom Demands: They often use ransomware to lock up systems and demand payment to unlock them. They may also threaten to release stolen data unless they are paid.

Rapid Escalation

  • Quick Action: Experts say Scattered Spider can move very fast. Sometimes, they break in, set up their access, and launch ransomware attacks within just a few hours.

Impact on Airlines and Travelers

Operational Disruption

So far, the attacks on WestJet Airlines and Hawaiian Airlines have not caused flight delays or cancellations. However, experts warn that future attacks could be much worse. If hackers gain control of critical systems, they could cause widespread delays, data theft, or even threaten flight safety.

Data Privacy

As of July 5, 2025, neither WestJet Airlines nor Hawaiian Airlines has confirmed whether customer data was stolen. Investigations are still ongoing. However, the risk remains, and more victims may be identified as the situation develops.

Industry-Wide Threat

The FBI and cybersecurity experts stress that everyone in the airline industry is at risk—not just the airlines themselves, but also their vendors and contractors. The Federal Aviation Administration (FAA) is monitoring the situation and staying in contact with affected airlines.


Expert Perspectives: Why Airlines Are Vulnerable

Cybersecurity Experts

Kelly Siegel from National Technology Management and Sam Rubin from Palo Alto Networks Unit 42 point out that airlines are especially vulnerable because they rely on many connected digital systems. Scattered Spider’s social engineering tactics are very hard to defend against because they target people, not just computers.

Aviation Professionals

Captain Dennis Tajer from the Allied Pilots Association warns that cyberattacks could disrupt the flow of information between aircraft, pilots, and operations centers. This could lead to delays and confusion, even if flights are not directly affected.

Cybersecurity Firms

Google-owned Mandiant and Halcyon, two leading cybersecurity firms, say that Scattered Spider uses a “hybrid threat model.” This means they blend social engineering (tricking people) with technical hacking skills. The group is loosely organized, making it hard for law enforcement to shut them down.


FBI Recommendations for the Aviation Sector

The FBI has issued several key recommendations to help airlines and related companies protect themselves:

  • Be alert for suspicious MFA reset requests and social engineering attempts.
  • Report incidents immediately to the local FBI office. Quick reporting helps law enforcement respond and share information with others.
  • Review and strengthen IT help desk protocols, especially for managing MFA devices and resetting credentials.
  • Engage third-party cybersecurity experts for forensic analysis and to help fix any problems if an incident is suspected.

For official guidance and updates, organizations can visit the FBI’s Cyber Crime page.


Ongoing Investigations and Industry Response

Both WestJet Airlines and Hawaiian Airlines are working closely with law enforcement and regulatory authorities. They have promised to keep customers and the public updated as more information becomes available. The FAA is also involved, making sure that flight safety is not compromised.

Airlines for America, which represents major U.S. carriers, has not commented publicly. However, industry insiders say that airlines are reviewing their cybersecurity protocols and working with experts to strengthen their defenses.


Background: Who is Scattered Spider?

Scattered Spider, also known as UNC3944, has been active since at least 2021. The group is linked to several high-profile cyberattacks, including those on MGM Resorts International and Caesars in 2023, as well as major UK retailers in April 2025.

Scattered Spider is part of a larger cybercriminal network called “the Com” or “Comm,” which includes other groups like LAPSUS$. U.S. security agencies have been tracking Scattered Spider’s activities, noting that the group is using more ransomware (such as BlackCat/ALPHV) and focusing on critical infrastructure sectors, including airlines.


What’s Next? Future Outlook for Airlines and Travelers

Escalating Threat

Experts believe that attacks by Scattered Spider and similar groups will continue—and may become even more severe. The aviation industry’s heavy reliance on digital systems makes it a tempting target.

Industry Response

Airlines are expected to work more closely with cybersecurity firms and federal agencies. There will likely be more investment in cyber defense and better plans for responding to incidents.

Possible Regulatory Changes

As of July 5, 2025, no new federal rules have been announced. However, if attacks continue, the government may introduce new policies or require airlines to report cyber incidents more quickly.


What Should Travelers Do?

While there have been no direct impacts on flight operations so far, travelers should stay informed and take simple steps to protect themselves:

  • Monitor official airline communications for updates about cybersecurity incidents.
  • Be cautious with personal information. If you receive suspicious emails or messages claiming to be from your airline, do not click on links or provide personal details.
  • Check your airline’s official website for the latest news and advice.

Key Takeaways for the Aviation Industry

  • No direct impact on flights has been reported as of July 5, 2025, but the risk remains.
  • Personal data risk: Investigations are ongoing, and the possibility of customer data being stolen cannot be ruled out.
  • Industry vigilance: Airlines, vendors, and contractors must review their cybersecurity protocols and report any suspicious activity right away.

Summary Table: Recent Airline Cyber Incidents (2025)

Date Airline Incident Type Operational Impact Status (as of July 5, 2025)
June 13 WestJet Airlines Cybersecurity breach No flight impact Investigation ongoing
June 26 Hawaiian Airlines Cybersecurity event No flight impact Investigation ongoing

Practical Guidance for Airlines and Stakeholders

  • Train staff to recognize social engineering: Regular training can help employees spot fake requests and avoid falling for scams.
  • Strengthen help desk security: Make sure help desk staff follow strict rules before resetting passwords or adding MFA devices.
  • Use strong authentication: Require more than just a password to access important systems.
  • Work with cybersecurity experts: Outside experts can help find weaknesses and respond quickly to attacks.
  • Report incidents fast: Quick reporting to the FBI can help stop attacks from spreading.

Official Resources

  • FBI Cyber Crime: FBI Cyber Crime
  • WestJet Airlines: Updates available on the airline’s official website and customer service channels.
  • Hawaiian Airlines: Official updates provided through the airline’s website and customer service.

Conclusion

The FBI’s warning about Scattered Spider is a wake-up call for the entire aviation industry and the millions of travelers who depend on safe, reliable air travel. While recent attacks on WestJet Airlines and Hawaiian Airlines have not disrupted flights, the risk of more serious incidents remains. Airlines, vendors, and contractors must work together to strengthen their defenses, train their staff, and respond quickly to any signs of trouble.

Travelers should stay alert, follow official updates, and take simple steps to protect their personal information. As reported by VisaVerge.com, the aviation sector’s digital transformation brings many benefits, but it also creates new risks that require constant attention and action.

For the latest updates, consult the FBI’s official communications and the affected airlines’ public statements. By staying informed and prepared, both the industry and the public can help reduce the risk of cyberattacks and keep air travel safe for everyone.

Learn Today

Scattered Spider → A cybercriminal group known for sophisticated social engineering and ransomware attacks on airlines and critical networks.
Multi-factor authentication (MFA) → A security method requiring multiple verification steps to access accounts, like passwords plus codes.
Ransomware → Malicious software that locks systems or data, demanding payment for restoration or non-disclosure of stolen data.
Social engineering → Cyberattack technique that manipulates people into revealing confidential information or granting system access.
Cybersecurity breach → An incident where unauthorized access compromises computer systems, data, or network integrity.

This Article in a Nutshell

In mid-2025, Scattered Spider launched cyberattacks against major North American airlines. FBI alerts stress urgent vigilance amid rising digital threats. Airlines must strengthen defenses as social engineering threatens passenger data and flight safety. Collaborative industry efforts and traveler awareness are key to mitigating escalating risks from these sophisticated cyber intrusions.
— By VisaVerge.com

People also ask

Answers from VisaVerge guides
What advice did Hawaiian Airlines give to customers regarding the cybersecurity issue?

Customers were advised to check their flight status, monitor their accounts for unusual activity, contact customer service if needed, and stay updated on official updates from the airline.

Read: Hawaiian Airlines Cybersecurity Issue Reported, Flights Operating Normally
Which airline reported a breach involving a third-party customer service platform in June 2025?

Air France-KLM reported a breach of a third-party customer service platform in June 2025, exposing names, contact details, and Flying Blue numbers.

Read: How Airline Miles Could Vanish Into Hackers' Hands in 2025
What measures did airlines take to manage operations during the cyberattack?

Airlines reduced their schedules, in some cases cutting up to half of services, to stabilize operations during peak recovery periods.

Read: Chaos at European Airports as Cyberattack Triggers Cancellations
What is the potential risk for passengers due to the cyberattack?

There is a potential risk of personal data exposure, though no confirmed leaks have been reported.

Read: Aeroflot Cancels Flights for Second Day After Major Cyberattack
What are the potential long-term risks associated with the leaked data from FAI Aviation Group?

The exposure of medical and biometric details raises long-term risks for affected people, as such information cannot be changed and could fuel identity theft, fraud, and social engineering schemes.

Read: Hackers Claim Data Leak at FAI Aviation Group; Customer Records Exposed
What do you think? 149 reactions
Useful? 95%
Jim Grey

Jim Grey serves as Senior Editor at VisaVerge.com, where he leads the site's aviation and air-travel coverage — airlines, airports, TSA rules, and the operational disruptions that affect millions of journeys. With a keen eye for detail and deep knowledge of the travel sector, Jim ensures every report is accurate, timely, and genuinely useful to travelers. His guidance keeps VisaVerge readers informed and prepared from booking to boarding.

Subscribe
Notify of
guest

0 Comments