top of page

Your Hawaiian Airlines hack update

  • cypac1
  • 6 days ago
  • 2 min read
hawaiian airlines hack

Happy end-of-week


I usually send these updates on Fridays, but this couldn’t wait. Here's a quick point-by-point update on the Hawaiian Airlines breach. New details are emerging, and I’ll keep you informed as the situation evolves.


What happened?


On Monday, June 23rd, Hawaiian Airlines disclosed a cyberattack that disrupted parts of its IT systems. The language used suggests a ransomware-style incident. All flights have continued to operate safely, and the FAA has confirmed there is no impact on flight safety.



Who's behind it?


The FBI is investigating. The tactics used closely match those of Scattered Spider, a cybercriminal group known for targeting airlines and airport infrastructure through social engineering.



This group typically impersonates employees or contractors, tricks help desks into resetting multi-factor authentication, gains access, exfiltrates data, and often launches ransomware attacks.


Scattered Spider has also been linked to recent breaches at MGM Resorts, Caesars Entertainment, Clorox, and UnitedHealth. These incidents have resulted in hundreds of millions of dollars in losses.


The Takeaway

The FBI has warned that Scattered Spider is expanding its operations into the airline and aviation support sectors. They continue to focus on critical infrastructure and high-profile organizations, and the aviation industry is now clearly within their scope.


If you work in a targeted sector, I recommend you try check the following:


  • Strengthen help desk identity verification. Use MFA methods that are less vulnerable to manipulation, such as app-based authenticators or hardware tokens. Disable phone and SMS-based MFA where possible.

  • Keep your incident response team alert. Train them to recognize social engineering attempts, MFA reset requests, and signs of lateral movement inside your environment. Your SIEM solution and SOC team are your best friends.

  • Run social engineering drills. Set up red team and blue team exercises that target IT support staff with voice-based scenarios like “I’m locked out of MFA,” “I got a new phone,” or “There’s a client waiting.” These are common pretexts used in real-world attacks.



Compared to Qantas and its recent cyber incident, Hawaiian Airlines has been notably quiet. There have been no updates, no details about which systems were affected, and no word on whether customer data, including HawaiianMiles profiles, may have been accessed.


There is no helpline, no FAQ, and no support page on Hawaiian’s website. The only public statement so far is a short release dated June 26, which you can read here.


This likely means they are still assessing the scope of the breach and determining the best way to disclose it. We will probably hear more in the coming weeks as the investigation unfolds.


Stay safe out there.

-Attila


The Positivity Box



This week Qantas disclosed a cyberattack after threat actor, Scattered Spider gained access to a third-party platform containing customer data. Qantas is Australia's largest airline, operating domestic and international flights across six continents and employing around 24,000 people.


New Friday Funnies!

What do you get when you cross an accountant with a jumbo jet?

A Boring 747.


What do pilot's like to say before takeoff?

Flying is very safe - we have never left anyone up there.


What do you call an airplane that’s about to crash?

An error plane.


What’s the difference between an optimist and a pessimist?

An optimist created the airplane, a pessimist created the seatbelts.


 
 
 

Comments

bottom of page