Qantas, Hawaiian Airlines, WestJet, and South African Airways Hit by Cybersecurity Breaches: What You Must Know Now

The global aviation sector is facing a mounting cybersecurity crisis as Qantas, Hawaiian Airlines, WestJet, and South African Airways become the latest high-profile victims of cyberattacks, exposing customer data and highlighting vulnerabilities in airline IT infrastructure.

The most recent breach emerged on June 30, 2025, when Australian carrier Qantas Airways disclosed a significant cybersecurity incident compromising personal information of millions of its customers. The breach, traced to a third-party contact center in Manila, underlines a dangerous pattern of targeted cyberattacks crippling airlines across continents.

Qantas Data Breach: What Happened?

On June 30, 2025, Qantas confirmed that unauthorized access had occurred within one of its outsourced customer service platforms located in Manila. The platform, operated by a third-party vendor, suffered a security lapse exploited by threat actors, exposing sensitive customer information.

The compromised data included:

• Names
• Email addresses
• Phone numbers
• Dates of birth
• Frequent flyer numbers

Fortunately, no credit card details, passport information, passwords, or PINs were stored in the affected system, shielding customers from more severe identity theft risks. However, Qantas admitted that as many as six million customer profiles may have been exposed.

The suspected group behind the breach, known as “Scattered Spider,” has built a notorious reputation for breaching major corporate networks through deception, often impersonating employees or contractors to gain system access.

Despite the scale of the incident, Qantas emphasized that flight operations and core security systems remained unaffected, with rapid containment actions implemented to prevent further damage. The airline swiftly notified impacted customers and advised vigilance against potential phishing attempts.

Government Warnings: The Growing Threat to Aviation Cybersecurity

The Qantas breach forms part of a disturbing global trend where cybercriminals increasingly target airlines due to the valuable personal and operational data these entities manage. The Australian Signals Directorate (ASD) promptly issued a nationwide advisory, stressing the urgent need for airlines to fortify their cybersecurity defenses.

The ASD highlighted how evolving cybercriminal tactics—such as social engineering, ransomware, and system infiltration—pose serious threats not only to personal data but to the integrity of airline operations.

Australian Government officials reiterated that safeguarding sensitive information is a national security priority, especially given the dependence of airlines on complex, interconnected IT ecosystems vulnerable to exploitation.

Hawaiian Airlines, WestJet, and South African Airways: A Pattern of Attacks

The Qantas incident follows a succession of cyberattacks on major airlines in recent months, revealing that no carrier is immune from sophisticated cyber threats.

Hawaiian Airlines, headquartered in the United States, reported a cybersecurity breach on June 26, 2025, targeting certain IT systems. Though details remain scarce, the nature of the incident suggests a potential ransomware attack.

Hawaiian Airlines emphasized that flight safety and schedules were unaffected, with internal investigations launched and federal authorities, including the Federal Aviation Administration (FAA), closely monitoring developments. Swift mitigation efforts were deployed to restore affected systems.

WestJet Airlines in Canada was similarly targeted in late June 2025, suffering disruptions across its internal systems, including booking platforms and mobile applications. Customers experienced intermittent access issues, affecting reservations and service availability.

The Royal Canadian Mounted Police (RCMP) launched a formal investigation, working alongside WestJet to contain the breach. The airline responded by isolating affected networks and enhancing cybersecurity protocols to shield customer data.

South African Airways faced its own cyber crisis in May 2025, with attackers compromising the airline’s website, mobile app, and several internal operational systems. Though no customer data was stolen, the attack caused significant disruptions to digital services, prompting a complete security audit and rapid restoration of critical platforms.

These incidents reveal a disturbing escalation in the scale, frequency, and sophistication of attacks against airlines, with cybercriminals exploiting weak links in global aviation IT infrastructure.

The Vulnerabilities of Airline Digital Infrastructure

The aviation industry’s increasing reliance on digital platforms—from booking systems and mobile apps to operational control centers—creates a sprawling attack surface for cybercriminals. Airlines manage vast volumes of sensitive personal data, financial records, and operational details, making them prime targets for both profit-driven cybercrime and state-sponsored attacks.

Contact centers, often outsourced to third-party vendors in lower-cost jurisdictions, present significant vulnerabilities, as demonstrated in the Qantas breach. These platforms may lack the rigorous security standards of core airline IT systems, making them attractive targets for attackers seeking access to customer information.

Moreover, the interconnected nature of global aviation—where IT systems interface with airports, regulatory bodies, and service providers—increases the complexity of securing airline infrastructure.

Coordinated Response: Governments and Airlines Strengthening Defenses

In response to the surge in cyberattacks, both government agencies and airlines are ramping up cybersecurity initiatives to fortify defenses.

The Australian Signals Directorate (ASD) has urged all airlines and critical infrastructure operators to enhance their cybersecurity maturity, including the adoption of multi-factor authentication, advanced threat detection, and comprehensive staff training programs.

Similarly, the Federal Aviation Administration (FAA) and Royal Canadian Mounted Police (RCMP) are working closely with affected airlines to investigate breaches, share intelligence, and implement preventive measures.

Airlines themselves have taken proactive steps to mitigate risks, including:

• Upgrading IT infrastructure with advanced encryption and intrusion detection systems
• Conducting comprehensive security audits of third-party vendors
• Expanding employee awareness programs to combat phishing and social engineering attacks
• Establishing rapid incident response protocols to contain future breaches

Scattered Spider: The Cybercriminal Group Behind the Attacks

The shadowy group “Scattered Spider” has emerged as a central figure in these airline breaches. Known for deploying deceptive tactics, the group specializes in social engineering, often posing as legitimate employees or contractors to infiltrate corporate networks.

Cybersecurity experts believe Scattered Spider operates as part of a broader ecosystem of ransomware affiliates, targeting high-value industries such as aviation, finance, and healthcare.

While attributing cyberattacks remains complex, the hallmarks of Scattered Spider’s operations—highly targeted attacks, exploitation of human error, and stealthy system infiltration—align with the methods observed in the Qantas breach.

A Call for Global Collaboration to Secure Aviation

The spate of cyberattacks on airlines underscores the urgent need for coordinated global action to enhance cybersecurity across the aviation sector. As cyber threats grow in scale and complexity, airlines cannot rely solely on internal measures; collaborative efforts involving governments, industry groups, and cybersecurity experts are essential.

Key areas of focus include:

• Global Threat Intelligence Sharing: Real-time collaboration between airlines and security agencies to track emerging cyber threats.
• Third-Party Vendor Oversight: Rigorous security standards for outsourced services, including contact centers, booking platforms, and IT contractors.
• Incident Response Preparedness: Pre-established protocols for rapid breach containment, customer notification, and system restoration.
• Regulatory Harmonization: Unified cybersecurity regulations to ensure consistent standards across international aviation markets.

The aviation sector is a cornerstone of global connectivity and economic stability. Protecting its digital infrastructure is critical not only for safeguarding customer data but also for maintaining the safe, reliable operation of air travel worldwide.

Conclusion: A Wake-Up Call for Aviation Cybersecurity

The breaches at Qantas, Hawaiian Airlines, WestJet, and South African Airways serve as a stark reminder of the escalating cybersecurity threats facing the global aviation industry. While immediate flight operations were largely unaffected, the exposure of customer data and disruption of digital services signal profound vulnerabilities.

With cybercriminal groups like Scattered Spider refining their tactics, airlines must remain vigilant, investing in advanced defenses and fostering cross-border cooperation to stay ahead of evolving threats. Governments, regulators, and industry leaders must work together to build a resilient, secure future for global air travel.

As the world becomes increasingly interconnected, robust cybersecurity in aviation is not optional—it is a mission-critical imperative to protect passengers, data, and critical infrastructure from the growing onslaught of cyberattacks.