10 aviation cybersecurity breaches and disruptions in 2025 - Aerospace Global News
Aerospace Global News. Archived Mar 18, 2026.
So far this year, the aviation industry has faced a rise in cyberattacks, ranging from hacktivist-led DDoS campaigns to data breaches affecting millions of passengers.
The 10 most significant cyber incidents, as reported by SOCRadar, impacted airlines, airports, and other organisations. Each exposed vulnerabilities in the industry’s interconnected systems.
“Aerospace organisations are attractive targets because of their operational complexity and high sensitivity to downtime,” Sam Rubin, SVP, Consulting and Threat Intelligence at Unit 42 for Palo Alto Networks, tells AGN.
“Attackers understand that even brief disruptions can have far-reaching consequences—financial, logistical, and reputational. This urgency often pressures companies to act quickly, making them more vulnerable to ransom demands.”
1. Air France-KLM
Country: France/Netherlands
Threat Actor: Scattered Spider (suspected)
What Happened:
Air France and KLM detected unauthorised activity on an external customer service platform used by their contact centres. This was swiftly contained in collaboration with the third-party provider. Importantly, internal airline systems were not compromised.
Exposed customer data includes names, email addresses and phone numbers, tier levels and account numbers of Flying Blue members, and customer service email subject lines.
2. Qantas Airways data breach – 5.7 million customers exposed (June–July 2025)
Country: Australia
Threat Actor: Scattered Spider (suspected)
What Happened:
An attack on a third-party platform tied to a Qantas contact centre compromised the personal information of 5.7 million passengers. The records contained frequent flyer data, email addresses, and contact information, but not payment or passport details.
The breach drew attention to third-party and ‘social engineering’ risks. Social engineering involves manipulating people into sharing information, downloading software, or visiting websites that compromise organisational security.
3. Kuala Lumpur International Airport ransomware attack (March 2025)
Country: Malaysia
Threat Actor: Qilin ransomware group (claimed)
What Happened:
A ransomware attack severely impacted KLIA operations, taking down systems for over 10 hours. The attackers claimed to have stolen 2TB of data and demanded $10 million in ransom. While manual workarounds kept flights moving, the incident triggered a nationwide cybersecurity response.
4. WestJet Airlines IT intrusion (June 2025)
Country: Canada
Threat Actor: Scattered Spider (suspected)
What Happened:
An attack on parts of WestJet’s digital infrastructure affected its mobile app and internal systems. The airline avoided flight disruptions but warned of ongoing service instability. As with Qantas, the attack may have involved social engineering.
5. Hawaiian Airlines cyber incident (June 2025)
Country: United States
Threat Actor: Scattered Spider (suspected)
What Happened:
A cybersecurity incident affected the airline’s internal systems and communications. Although the breach did not expose customer data, staff had to find other ways to communicate to keep operations going.
6. ICAO Recruitment Platform Breach (January 2025)
Organisation: International Civil Aviation Organisation (UN agency)
Threat Actor: “Natohub”
What Happened:
A breach of ICAO’s recruitment system exposed data for nearly 12,000 applicants. The attack didn’t affect operational systems but raised alarms over security at aviation’s top regulatory bodies.
7. Milan Bergamo Airport website offline after DDoS attack (April 2025)
Country: Italy
Threat Actor: Noname057(16) (pro-Russia hacktivist group)
What Happened:
A coordinated DDoS campaign took down the airport’s website, disrupting public access. The attack was part of a larger ideological campaign by Russian-aligned actors targeting EU infrastructure.
8. United Airlines alleged SMS leak on the dark web (June 2025)
Country: United States
Threat Actor: “Machine1337” (unverified)
What Happened:
A hacker allegedly released 272 million SMS records linked to United Airlines. However, the messages appeared to be test data labelled “FakeDLR.” That called into question the legitimacy of the hacker’s claims, but still showed United is a target.
9. Attempted DDoS attack on Atlanta Hartsfield-Jackson (March 2025)
Country: United States
Threat Actor: Unknown
What Happened:
An attempted DDoS attack temporarily disrupted ATL airport operations. Core operations were unaffected, and the airport’s IT responded quickly to avoid a more serious impact. The incident underscored the importance of strong DDoS defences.
10. Unauthorised VPN access sale targeting a US aviation company (ongoing)
Country: United States
Threat Actor: Unknown (Dark Web listing)
What Happened:
A dark web post advertised VPN access to an American aviation company with $93M in annual revenue. Though unconfirmed, such access could enable data theft, lateral movement, and ransomware attacks, posing a serious risk to backend infrastructure.
Industry-wide ‘access sale’ listings on the dark web
SOCRadar flagged numerous alleged access sales related to airlines and aviation vendors. While not always verifiable, the trend points to a thriving underground market for compromised aviation credentials and system access.
“Unit 42 has responded to a wave of high-impact attacks this year—not only in aerospace, but across financial services, telecom, retail, and insurance,” Rubin says.
How aviation can prepare for more cyberattacks
The incidents from 2025 confirm that the aviation industry is a significant target for hackers. The scale, speed, and sophistication of cyberattacks are growing, whether they are politically or financially motivated.
Cyber experts warn that airlines, airports, and regulatory bodies must adopt zero-trust strategies, train staff on cyber hygiene, and invest in real-time monitoring and response capabilities.
“The most effective step companies can take is to strengthen their people defences,” says Rubin. “This means clearly defined identity verification procedures, regular training, and empowering employees and support teams to recognise and report suspicious activity.”
SITA’s 2024 Air Transport IT Insights report shows that enhanced cybersecurity is the top priority of investment for airlines. The investment has primarily focused on creating a security operations centre (SOC), with 87% of airlines reporting an implementation.
Airlines have turned to artificial intelligence/machine learning for threat detection and analysis, with 81% implementing this technology. Airports have also made cybersecurity a priority, with 80% reporting it as their most significant IT spending.
Bad actors will continue to search for the weakest link in aviation, and that is often human.
“Building awareness and tightening processes can go a long way in preventing these types of attacks,” Rubin says.