Hawaiian Airlines Hit by Cyberattack! What New Threats is the Industry Facing?

1. Lead: The Cyber Wave That Hit the "Gateway to Paradise"

At the departure lobby of Honolulu International Airport, a family in Aloha shirts stops in front of an automated check-in machine, checking the airline's X (formerly Twitter) on their smartphones. Next to the familiar Hawaiian Airlines logo is a pinned post stating, "We are addressing a cybersecurity event―currently no impact on flights." On June 26, 2025, at 8:00 AM (Hawaii time), the news of a "cyberattack" that partially halted the company's IT systems sent a momentary wave of tension through travelers passing through Hawaii's gateway to the world. However, on the runway, an A330 took off on schedule, and cabin crew welcomed passengers with their usual "Aloha!" smiles—behind this strange "normal operation," the information department, an external forensic company, and federal authorities were tirelessly working. hawaiinewsnow.com

2. Timeline of the Cyberattack Discovery

• June 26, 06:45 HST: Network monitoring tools detect heavy traffic to the reservation management server.

• 07:10: The company's SOC (Security Operations Center) identifies the anomaly as an "incident" and isolates certain systems.

• 08:00: First report to the Hawaii Department of Transportation (HDOT). The department's official X posts "Flights are safe" (1,800 likes).

• 10:30 (23:30 UTC): Reuters breaks the news of a "possible ransomware," featured on the international front page. reuters.com

• 13:00: Official statement updated. "No impact on guest travel. Restoration in progress" is clearly stated. newsroom.hawaiianairlines.com

• June 27: The Record and Bleeping Computer release follow-up reports, with expert comments pouring in. therecord.mediableepingcomputer.com
  
  

3. Impact Range: Behind the "Unscathed Operations"

On the surface, everything seemed calm, but in reality, approximately 15 systems, including reservation and loyalty management, cargo management, and internal email, were gradually cut off. The operational data link, including backup lines, was placed in a separate segment, so equipment scheduling and flight plan generation continued. However, passengers reported inconveniences such as "unable to log into the mobile app" and "a delay of several seconds in web check-in." A post on X stating, "I was issued a paper boarding pass at the check-in counter for the first time since just after COVID," was also widely shared. reuters.combleepingcomputer.com

4. Emerging "Ransom Shadow" and the Modus Operandi

Experts focused on the phrase **"orderly restoration" in the official document. This is often used by companies affected by ransomware to indicate the decryption process. According to a report by APT research firm Malcore, the main ransomware groups targeting aviation and transportation in 2025 are LockBit remnants "Tau Group" and the emerging "PacificJackal", both sharing the commonality of "base servers in Asia-Pacific." In the Hawaiian Airlines incident, there was no confirmed trace of encryption**, and instead, a "double extortion" type demanding Bitcoin via threatening emails after stealing credentials is being discussed. therecord.media

5. Challenges During the Integration with Alaska Airlines

Just nine months after the $1.9 billion acquisition by Alaska Airlines Group in September 2024, Hawaiian Airlines was in the midst of organizational restructuring and system integration. Parent company ALK's stock temporarily fell 4.2% following the incident report, deepening the year-to-date decline to 25%. However, at the investor briefing on the same day, it was emphasized that "investment to accelerate M&A synergy is proceeding as planned." Market analysts point out that "delays in identity integration (IDaaS) during the integration process expanded the attack surface." investopedia.com

6. Ripple Effects on Hawaii's Economy and Tourism

The Hawaii Tourism Authority (HTA) recorded 10.3 million tourists and total spending of $21 billion in 2024. Hawaiian Airlines holds about a 65% share of inter-island routes. A tour desk representative in Ala Moana estimates that "the uncertainty of 'whether it will fly' chills consumer sentiment. A one-day delay could result in an economic loss of approximately $18 million for the entire state." Meanwhile, HTA comments that "as long as operations continue, the actual damage is minimal," and no surge in cancellation rates has been confirmed at this time.

7. Voices on Social Media: The Shaken Aloha Spirit

• "Couldn't access the site from airport Wi-Fi 💦 but the gate is peaceful. Mahalo to the staff!" (@honolulu_runner)

• "Called to change my reservation and was told 'expected wait time 120 minutes' 😂 but the flight is on-time" (r/Hawaii) reddit.com

• "Deja vu with last year's WestJet. Airlines need to hurry with Zero Trust ⛑️" (r/InfoSecNews) reddit.com
  Positive posts accounted for about 60%, with many expressing "appreciation for on-site staff." On the other hand, concerns about "personal information leaks" reached 30%, and the company's FAQ page views skyrocketed to 15 times the usual.

8. Expert Perspectives: Challenges in Aviation Cyber Defense

In 2023, the US FAA revised the "Aircraft Operator Cybersecurity Advisory AC-325," requiring 24-hour SOC operations and SBOM (Software Bill of Materials) submission. However, the implementation rate is only 72% even among the top 10 companies in the US. Mira Kawamura, an analyst at Carnegie Mellon University's CERT, warns that "the integration period of 'hastily connecting' legacy reservation systems and emerging cloud APIs is the biggest blind spot." therecord.media

9. Crisis Management and Reputation

The company had previously surged to "5th in brand favorability ranking" for its swift SNS response during the 737 MAX grounding in 2019. This time, a multilingual FAQ was set up within two hours of the announcement, earning praise as a "model" from PR experts. However, the use of a Gmail address by the PR representative raised "questions about security culture," becoming a topic in overseas media, which was an unexpected outcome. reuters.com

10. Future Scenarios: Protecting the "Aloha"

Hawaiian Airlines plans to publish a third-party audit report within 60 days. The focus will be on

1. the presence and scope of leaked data

2. accelerating the ID management integration roadmap

3. re-evaluating the BCP (Business Continuity Plan) including island infrastructure
   Domestic and international airlines will likely look to this report as a "compass of lessons." Like a rainbow over the skies of Hawaii, can they overcome the crisis and restore the vibrant Aloha Spirit? The answer lies in the recovery process and transparency over the coming months.