Qantas & Hawaiian Airlines Cyber Attacks Expose Growing Aviation Threats

Turbulence Ahead: Why These Cyberattacks Matter Now

In the span of just a few days, two major incidents have shaken the airline industry: Qantas confirmed a massive data breach affecting up to 6 million customers, and the FBI revealed that Hawaiian Airlines was the target of a sophisticated cyberattack. These events signal a disturbing rise in aviation cybersecurity threats, with the infamous Scattered Spider ransomware group suspected to be behind at least one of the attacks. Together, these incidents reflect an escalating pattern of airline ransomware attacks that are forcing the aviation sector to reckon with its digital vulnerabilities.

Qantas Data Breach: What Happened?

On July 2, 2025, Qantas confirmed that it had suffered a significant data breach. The attack exposed the personal details of as many as 6 million customers, including names, email addresses, phone numbers, dates of birth, and frequent flyer account numbers. The breach occurred through a third-party platform used by the airline’s call center, highlighting the ongoing risks associated with vendor dependencies.

While Qantas stated that no financial or passport data was compromised, the breach remains one of the most serious in Australian aviation history. The company took immediate steps to shut down the affected systems and began notifying impacted users. Early investigations suggest that the ransomware group Scattered Spider may be involved—the same group linked to high-profile attacks on MGM Resorts and Caesars Entertainment in 2023.

The Qantas data breach underlines how even well-established airlines are vulnerable to cyberattacks, especially when third-party systems are involved. The incident also reignites concerns about protecting frequent flyer data, which is increasingly seen as a valuable target.

Hawaiian Airlines Cyberattack & FBI Warning

Just days earlier, on June 28, 2025, the FBI issued a stark warning about a coordinated cybercrime campaign targeting U.S. airlines. According to the FBI, Hawaiian Airlines was among the airlines targeted by a ransomware group employing social engineering tactics, deepfake technology, and insider impersonation to gain access to sensitive systems.

Although Hawaiian Airlines did not confirm a successful breach, the FBI advisory made it clear that the threat actors were persistent and technically advanced. The campaign appeared to be part of a broader airline ransomware attack trend that is exploiting weak points in employee training, outdated IT infrastructure, and third-party access controls.

This attack attempt further validated that the aviation sector is under coordinated attack by criminal syndicates, and that regional carriers like Hawaiian Airlines are no longer off the radar. The threat landscape is expanding rapidly, and no airline is immune.

Who Is Scattered Spider?

Scattered Spider is a highly active ransomware group known for its unconventional and deceptive methods. First gaining notoriety in 2023 for attacking major hospitality and entertainment giants, the group employs advanced social engineering techniques such as SIM swapping and helpdesk impersonation. They are also among the first to use deepfake video calls to impersonate executives and IT staff.

They’ve also been observed launching multi-factor authentication (MFA) fatigue attacks—bombarding employees with login requests to trick them into approval. Combined with stolen credentials from phishing or dark web marketplaces, this makes initial access swift and hard to detect.

While Qantas has not officially named Scattered Spider, cybersecurity experts suspect their involvement due to the attack’s methodology. The group is part of a new wave of cybercriminals who prioritize stealth and psychological manipulation over brute-force hacking.

With links to the ALPHV/BlackCat ransomware-as-a-service operation, Scattered Spider poses a global threat to sectors that manage large volumes of personal and financial data.

The Aviation Industry’s Cybersecurity Wake-Up Call

The Qantas and Hawaiian Airlines cyberattacks are just the latest symptoms of a much larger problem. Airlines have become high-value targets for ransomware groups because they store vast amounts of personally identifiable information (PII), rely heavily on legacy systems, and often work with numerous third-party vendors.

In Southeast Asia, EMEA, and LATAM regions, the risks are compounded by inconsistent cybersecurity regulations and enforcement. While the EU’s GDPR provides a stringent framework, other regions still lack comprehensive aviation-specific policies. For example, Thailand’s PDPA and Brazil’s LGPD are improving data protection, but still lack aviation-specific enforcement mechanisms. Airlines operating in these jurisdictions often face unclear legal responsibilities in the event of a breach, further complicating response strategies.

Airline ransomware attacks are no longer isolated events—they are part of a coordinated trend. Cybersecurity experts are urging aviation companies to invest in Managed Detection and Response (MDR), perform regular security audits, and implement strict vendor risk assessments. The cost of inaction could be catastrophic: grounded fleets, reputational damage, and massive customer distrust.

Final Approach: What Airlines Must Do Next

The dual incidents involving Qantas and Hawaiian Airlines serve as a wake-up call to the global aviation industry. Whether it’s through third-party system breaches or sophisticated social engineering, the message is clear: the threat is real, and it’s growing.

Airlines must prioritize cybersecurity as a core operational concern, not a back-office function. This includes educating employees, investing in real-time threat detection, and hardening third-party access points. With ransomware groups like Scattered Spider becoming increasingly aggressive, now is the time for airlines to act.