Cybercrime group is targeting airlines, FBI says: How are passengers being affected?
Share and Follow


(NEXSTAR) – A cybercrime organization known as “Scattered Spider” has been targeting airlines based in North America in recent weeks, attempting to gain access to sensitive data for purposes of extortion, the FBI confirmed in an alert issued Friday.

“They target large corporations and their third-party IT providers, which means anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk,” the alert reads, in part.

How have airlines or customers been affected?

A number of major airlines have confirmed security breaches in recent weeks, including Canada’s WestJet, which reported a “cybersecurity incident” in mid-June. The incident affected internal systems, but the carrier also warned that some customers may find themselves “restricted” from the app, or noticing “interruptions or errors” on the app or website. It was unclear if the customer-facing issues were the result of the cyberattack or the carrier’s attempts to fix or mitigate the issue.

A representative for WestJet was not immediately available for comment.

Within weeks, Hawaiian Airlines also reported a “cybersecurity event” affecting its IT systems, Nexstar’s KHON reported. The airline did not say whether any other data was compromised. A representative for the airline did not respond immediately when contacted for further information.

Neither WestJet nor Hawaiian Airlines identified Scattered Spider as the group believed to be behind the attacks.

Last week, Nexstar’s WHTM also reported that Delta Air lines had locked some of its customers’ accounts over security concerns. A passenger, who is also a current reporter at the station, learned of the security measures after contacting Delta to report that he was unable to login to his online account or change his password.

WHTM reported that a Delta customer service representative said the issues stemmed from a potential security breach involving a large number of customers, although a Delta spokesperson later said the company simply reset the credentials to preemptively “maintain security,” and that its actions were not the result of a security breach.

“As we do occasionally, out of an abundance of caution, we reset credentials for accounts and ask that customers verify them with us to maintain security of the accounts,” a spokesperson for Delta said, while confirming that customers’ SkyMiles accounts “are secure.

“We apologize for any inconvenience this might cause.”

What is Scattered Spider?

While none of the above airlines named Scattered Spider as the culprit behind their woes, the FBI has warned of the hacker group “expanding” its efforts to target the airline industry specifically.

“These actors rely on social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access,” last week’s FBI alert reads. These techniques frequently involve methods to bypass multi-factor authentication (MFA), such as convincing help desk services to add unauthorized MFA devices to compromised accounts.”

These tactics appear to mirror other cybersecurity breaches blamed on Scattered Spider in the past, according to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).

One of the main tactics the group relies on — social engineering — means that its members will use their social skills (while posing as an IT employee, for instance) to convince unwitting employees to grant access to otherwise inaccessible data.

Authorities say the group used these tactics, and others, when they gained access to multiple casinos’ internal computer systems, where they installed ransomware and demanded money in exchange for reverting back control.

Some hackers believed to be associated with the group have been criminally charged, including four young men linked to the casino cyberattacks, Nexstar’s KLAS reported in 2024.

What is being done to mitigate the attacks?

The airlines affected by recent security breaches say they’re monitoring and assessing the impacts. WestJet and Hawaiian are also in contact with cybersecurity experts, according to their websites.

CISA and the FBI have also recommended that software developers take a number of actions to make their products less vulnerable to ransomware attacks, to help prevent some attack attempts at the source.

“The FBI and CISA encourage critical infrastructure organizations to implement the recommendations …  to reduce the likelihood and impact of a cyberattack by Scattered Spider actors,” reads a detailed CISA profile of the organization published in 2023.

Share and Follow
You May Also Like

White House Initiates Demolition of East Wing Section for Trump’s Proposed Ballroom

In a significant development at the White House, demolition crews have begun…

Breaking: New Details Emerge in Campustown Weekend Shooting Investigation

CHAMPAIGN, Ill. (WCIA) — A man is in a serious yet stable…

Greene County Commission Rejects Proposal to Repeal State COPA Laws

In Greeneville, Tennessee, the Greene County Commission convened on Monday and took…

RFK Jr. Advocates for Increased Saturated Fats in Groundbreaking New Dietary Guidelines

The Trump administration’s “Make America Healthy Again” initiative is poised to propose…

Longboat Key Decides to Retain ‘Gulf of Mexico Drive’ Name

LONGBOAT KEY, Fla. (WFLA) — Residents of Longboat Key are facing increased…

Tragic Milford House Fire Claims One Life, Injures Fire Chief in Heroic Rescue Effort

A devastating house fire in Milford, Illinois, last week has tragically claimed…

Decatur Names Temporary City Manager and Engages Recruiting Firm for Permanent Search

Concerns have been raised once more regarding the conduct of certain Decatur…

Asian Markets Continue Upward Momentum as Japan’s Nikkei Approaches 50,000 Milestone

BANGKOK – In a promising turn for Asian markets, Tuesday saw a…