News / Air & Airports

Cybercriminal group “Scattered Spider” targeting airlines, warns FBI

Michael Pihach

06-30-2025 6:46 am

Michael Pihach

Michael Pihach is an award-winning journalist with a keen interest in digital storytelling. In addition to PAX, Michael has also written for CBC Life, Ryerson University Magazine, IN Magazine, and DailyXtra.ca. Michael joins PAX after years of working at popular Canadian television shows, such as Steven and Chris, The Goods and The Marilyn Denis Show.

A known cybercriminal group has turned its focus to aviation, successfully infiltrating the computer systems of several airlines in the U.S. and Canada this month, according to the FBI.

While the breaches haven’t compromised flight safety, they have put top cybersecurity leaders at airlines on high alert.

The attacks are believed to be the work of “Scattered Spider,” a group of young hackers known for tactics aimed at extorting or humiliating their targets.

The hackers target big companies and their IT contractors, “which means anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk,” the FBI said Friday night in a statement that named Scattered Spider as the perpetrator of the airline hacks.

“Once inside (a victim’s network), Scattered Spider actors steal sensitive data for extortion and often deploy ransomware.”

The FBI said it “is actively working with aviation and industry partners to address this activity and assist victims.”

The update provided some context to a series of cyber-related incidents that have disrupted airlines in recent weeks.

Both Hawaiian Airlines and WestJet are still in the process of assessing the damage from recent cyberattacks – although the airlines have not named the perpetrators.

“We are working as quickly as possible to assess any potential data in scope. Our investigations are ongoing, and we will provide updates as appropriate in the future,” WestJet wrote in its last update posted June 18.

American Airlines also experienced a tech issue on Friday (June 27), although it’s unclear if it was related or caused in any way by hackers.

“A technology issue is affecting connectivity for some of our systems and we are working with our partners to fully resolve the issue,” an American Airlines spokesperson said in a statement at the time, as reported by NBC News. “Though we are experiencing delays as a result, we have not cancelled any flights at this time.”

The Scattered Spider group has also been tied to attacks on Las Vegas casinos in 2023 and British department stores earlier this year.

Limited details

Details on the effects of the attacks on airlines remains limited.

WestJet has not yet characterized the type of cyber incident it is dealing with, such as a malware or ransomware attack.

The breach at the Alberta-based airline arrived just ahead of foreign leaders gathering last weekend for the G7 summit in Kananaskis, AB – although no link to the event has been identified.

The number of affected WestJet customers remains unknown, and it has not yet been determined if any personal information has been compromised.

Don't miss a single travel story: subscribe to PAX today! Click here to follow PAX on Facebook.