Cybercrime Group “Scattered Spider” Hits Airlines in U.S. and Canada, FBI Confirms

Washington, June 28, 2025 — A notorious cybercriminal group known as “Scattered Spider” has breached the networks of multiple airlines in the United States and Canada this month, triggering heightened security alerts across the aviation industry, the FBI and private cybersecurity experts confirmed.

While airline operations and passenger safety remain unaffected, the breaches have raised alarm amid the peak summer travel season, becoming the third major U.S. business sector—after insurance and retail—to face a wave of attacks tied to the same criminal network in the past two months.

The FBI warned in a statement on Friday that Scattered Spider specifically targets large corporations and their IT contractors, putting the entire airline ecosystem—including vendors and subcontractors—at risk. “Once inside (a victim’s network), Scattered Spider actors steal sensitive data for extortion and often deploy ransomware,” the agency said, adding it was working with aviation partners to mitigate the fallout and assist victims.

Hawaiian Airlines and Canada’s WestJet acknowledged ongoing assessments following recent cyber incidents, though neither airline publicly identified Scattered Spider as the attacker. According to sources familiar with the investigation, additional victims in the aviation sector could come forward in the coming days.

WestJet reported disruptions two weeks ago due to a “cybersecurity incident” affecting access to services and customer-facing systems, including its mobile app. Despite the breaches, both WestJet and Hawaiian Airlines said flight operations were not impacted.

“The lack of operational disruption is likely a sign of good internal network separations or robust business continuity planning,” said Aakin Patel, former Chief Information Security Officer for Las Vegas’ main airport.

Jeffrey Troy, president of the Aviation ISAC, an industry cyber threat-sharing group, confirmed heightened vigilance across the aviation sector. “Our members are keenly alert to attacks from financially motivated attackers and collateral impacts emanating out of geopolitical tensions,” Troy said in a statement.

The aviation industry’s sensitivity to digital disruption was highlighted again on Friday when a separate, unrelated IT outage caused delays for some American Airlines passengers.

Security experts say Scattered Spider has been particularly effective at using social engineering techniques, including posing as employees or customers during calls to corporate help desks, to infiltrate companies. “Airlines rely heavily on call centers for a lot of their support needs,” said Patel, adding that makes them “a likely target for groups like this.”

Scattered Spider rose to prominence in 2023 after multimillion-dollar hacks against Las Vegas casino giants MGM Resorts and Caesars Entertainment. The group often focuses on one industry at a time for several weeks. Earlier this month, they were linked to a cyberattack on insurance giant Aflac, and prior to that, they targeted retail conglomerate Ahold Delhaize USA, which owns grocery chains Giant and Food Lion.

“The actor’s core tactics, techniques, and procedures have remained consistent,” said Charles Carmakal, chief technology officer at Google-owned cybersecurity firm Mandiant, which is aiding several airlines in responding to the attacks. Mandiant confirmed it is “aware of multiple incidents in the airline and transportation sector” matching Scattered Spider’s modus operandi.