- Hawaiian Airlines Files 8-K form with SEC
- It claims to have observed an attack but it did not affect flights or their security
- Security researchers believe the attack was carried out by scattered spider
Hawaiian Airlines has said it has recently suffered a cyber attack, but emphasized that the incident did not affect any flights.
In a new 8-k form submitted to the US Securities and Exchange Commission (SEC), the airline said it identified a “security event affecting certain information technology systems”, on June 23, 2025.
The company responded by “taking steps to protect operations and systems”, bringing external third -party cyber security experts to investigate the attack and notify relevant authorities of the incident.
Scattered Spider’s fingerprints
Other details are unknown at the time, but security experts and the media speculate that this could have been working with scattered spider, a hacking collective that has targeted US-based retailers recently.
Actually Charles Carmakal, CTO for Google’s Mandiant Consulting Security Research Arm, told Registered This attack “bears the characteristics” of the special threat actor.
“Mandiant is aware of several incidents in the airline and the transport sector, similar to the operation of UNC3944 or scattered spider. We are still working on attribution and analysis, but given this actor to focus on a single sector, we suggest the industry immediately take steps to harden systems,” Carmakal said.
“The actor’s core tactics, techniques and procedures have been consistent. This means that organizations can take proactive steps such as educating their Helpdesk staff to enforce robust identity verification processes and implement phishing-resistant MFA to defend against these intrusions. Further advice can be found in our previous curing guide.”
Hawaiian adds that the flights work safely and per. Timetable.
“The company has not yet decided whether the incident is reasonably likely to significantly influence the company’s financial conditions or operating results,” the archiving concluded.
As the company did not take down its IT network, it is safe to assume that this was not a ransomware attack, but these details could be known in the coming weeks.
