FBI Issues Urgent Warning After Hackers Breach Major U.S. Airlines
The FBI has issued a new warning after a cybercriminal group known as Scattered Spider successfully breached several major U.S. airlines.
Here's what's happening and what it means for travelers and airlines alike.
Meet Scattered Spider
Scattered Spider is a well-known cybercriminal organization that has gained a reputation for targeting major corporate entities. This group uses social engineering tactics to get what they want. That usually involves posing as airline employees or third-party contractors and calling IT help desks. From there, they convince support staff to reset passwords, change security settings, or even register new login devices, giving them wide-open access to sensitive systems.
This group is not hacking the tech; they’re hacking human nature.
Beating MFA by Exploiting People
Multi-factor authentication (MFA) is supposed to eradicate this kind of threat. MFA is the extra security step where you verify your identity through a phone, app, or code. However, Scattered Spider has figured out how to successfully bypass this security feature.
In many cases, individuals in this criminal group persuade help desk agents to add rogue MFA devices to real employee accounts. Once that happens, the attackers can log in as if they belong there without raising any red flags or alarms.
Charles Carmakal, CTO at Google’s Mandiant security division, says this tactic is especially dangerous because it doesn’t require the hackers to break any systems. It just takes one person making a bad judgment call.
“If your help desk doesn’t have strict identity verification protocols, these attackers will find a way in,” Carmakal said.
Which Airlines Were Affected?
While the FBI hasn't released an official list of all affected airlines, a few carriers have confirmed incidents:
WestJet reported a cybersecurity event impacting its internal systems and mobile app.
Hawaiian Airlines: Confirmed a breach affecting some IT systems, though flight operations weren't impacted.
Given the nature of these intrusions and Scattered Spider's deep infiltration of third-party vendors, experts warn that the true scope of the breach might not be clear for a while.
What’s the Endgame?
So why target airlines? The answer is simple: money and leverage.
Once inside, Scattered Spider typically steals sensitive data, including employee records and potentially customer information. Then, they deploy ransomware or threaten to leak the stolen data unless the airline pays up.
This group has already been linked to past attacks on businesses in finance, telecom, and healthcare. Now, they’ve moved their focus to aviation.
Sam Rubin, head of Unit 42 at Palo Alto Networks, calls them “one of the most persistent and adaptive cybercriminal groups out there right now.”
What Airlines Are Doing Now
The FBI is actively working with airline security teams to contain the damage and prevent future breaches. Airlines are reportedly auditing their help desk procedures, tightening MFA controls, and monitoring for unusual account activity.
Cybersecurity experts are urging airlines to retrain help desk employees, reduce the number of users with administrative access, and double-check identity verification processes before making any account changes.
For travelers, the good news is that these attacks haven’t disrupted flight schedules. But if you’ve flown with any major U.S. airline in the past few months, it wouldn’t hurt to keep an eye on your personal accounts for suspicious activity, just in case.
Cyber Threats Are Now Part of Air Travel
Unfortunately, large-scale cyberattacks of this kind are becoming increasingly common in the travel industry. Between ransomware, phishing, and now social engineering targeting airline employees, cybersecurity is the newest front in keeping air travel safe.
Find this helpful? Save it for later and share it with anyone you know who's flying soon. The more people are aware of these threats, the better.