Full Report
Hawaiian Airlines, the tenth-largest commercial airline in the United States, is investigating a cyberattack that has disrupted access to some of its systems. [...]
Analysis Summary
# Incident Report: Hawaiian Airlines Cyberattack Disclosure
## Executive Summary
Hawaiian Airlines disclosed a cyberattack targeting its systems, though the full scope and nature of the compromise remain officially undisclosed, with no immediate impact reported on flight operations or safety. The incident occurred while Hawaiian Airlines is in the process of being acquired by the same parent company as Alaska Airlines, which recently experienced a similar disruption. Response actions included FAA monitoring and engagement with law enforcement, though containment specifics are pending.
## Incident Details
- Discovery Date: Undisclosed (Public Disclosure Date implicitly around June 26, 2025)
- Incident Date: Undisclosed
- Affected Organization: Hawaiian Airlines
- Sector: Aviation/Airline
- Geography: United States
## Timeline of Events
### Initial Access
- Date/Time: Undisclosed
- Vector: Unknown
- Details: Attack vector and initial entry point are not specified in the disclosure.
### Lateral Movement
- Details: Unknown. It is unclear if the attack involved internal network movement or was restricted to specific systems.
### Data Exfiltration/Impact
- Details: The nature of the impact (e.g., ransomware encryption, data theft) is currently unclear. Whether data was exfiltrated is unknown, but the airline confirmed **flights were not affected**.
### Detection & Response
- Date/Time: Undisclosed (Detection preceded public disclosure)
- Details: The FAA stated they are monitoring the situation. The airline engaged with organizations relevant to its pending acquisition by Alaska Air Group. Law enforcement engagement is implied for regulatory obligations.
## Attack Methodology
- Initial Access: Unknown
- Persistence: Unknown
- Privilege Escalation: Unknown
- Defense Evasion: Unknown
- Credential Access: Unknown
- Discovery: Unknown
- Lateral Movement: Unknown
- Collection: Unknown
- Exfiltration: Unknown (Potential data compromise remains a possibility)
- Impact: Unknown (No operational impact reported; potential for data loss or system disruption existed)
## Impact Assessment
- Financial: Not disclosed.
- Data Breach: Unknown. It is unclear if customer or employee Personal Identifiable Information (PII) was accessed or exfiltrated.
- Operational: **No impact on safety or flight operations.**
- Reputational: Disclosure creates uncertainty, especially following another recent airline security incident (WestJet).
## Indicators of Compromise
- [No specific IOCs were provided in the source material.]
## Response Actions
- Containment measures: Unknown, but implied investigation is underway.
- Eradication steps: Unknown.
- Recovery actions: Unknown.
- **External Monitoring:** The Federal Aviation Administration (FAA) is actively monitoring the situation.
## Lessons Learned
- The incident highlights ongoing broad-spectrum threats targeting the aviation industry, evidenced by a similar recent attack on WestJet.
- Critical flight operations remained separated or resilient against the compromise, indicating potential segmentation success or that non-operational systems were targeted.
## Recommendations
- Conduct a thorough forensic analysis to determine the exact attack vector and the type of compromise (e.g., ransomware vs. data theft).
- Review segmentation between critical flight operations systems and potentially exposed corporate or support networks.
- Engage external forensic experts immediately, as was done by WestJet in a parallel incident.