Full Report
The US airline said that incident was affecting some of its IT systems, but flights are continuing to operate safely and as scheduled
Analysis Summary
# Incident Report: Hawaiian Airlines Cybersecurity Event
## Executive Summary
Hawaiian Airlines experienced an unconfirmed cybersecurity incident impacting some of its IT systems, leading to the need for an "orderly restoration" of services. Flights continued to operate safely despite the event. The airline engaged external experts and federal authorities, but the nature of the attack and potential data impact remain undisclosed as of the report date.
## Incident Details
- **Discovery Date:** June 26, 2025 (Statements posted on this date)
- **Incident Date:** Prior to or on June 26, 2025
- **Affected Organization:** Hawaiian Airlines
- **Sector:** Aviation/Airline
- **Geography:** United States
## Timeline of Events
### Initial Access
- **Date/Time:** Undisclosed
- **Vector:** Unknown (Nature of the event not specified)
- **Details:** Unknown. The incident impacted unspecified IT systems.
### Lateral Movement
- **Details:** Not reported in the available information.
### Data Exfiltration/Impact
- **Details:** The nature of the impact is unknown; however, the company stated it was working toward an "orderly restoration" of systems. Potential customer data impact is unconfirmed.
### Detection & Response
- **Detection:** The company disclosed the "cybersecurity event" via updates posted on its website on June 26, 2025.
- **Response Actions:** The airline took steps to safeguard operations, engaged appropriate experts and federal authorities (including the FAA), and began working toward an "orderly restoration" of affected systems.
## Attack Methodology
- **Initial Access:** Unknown
- **Persistence:** Unknown
- **Privilege Escalation:** Unknown
- **Defense Evasion:** Unknown
- **Credential Access:** Unknown
- **Discovery:** Unknown
- **Lateral Movement:** Unknown
- **Collection:** Unknown
- **Exfiltration:** Unknown
- **Impact:** Disruption to unspecified internal IT systems, requiring restoration efforts.
## Impact Assessment
- **Financial:** Not disclosed.
- **Data Breach:** Unconfirmed whether customer data was affected.
- **Operational:** Flights were reported as operating safely and as scheduled, suggesting core flight operations were protected or quickly stabilized, but internal IT systems required restoration.
- **Reputational:** Public disclosure was made via company website updates.
## Indicators of Compromise
- **Network indicators:** None reported.
- **File indicators:** None reported.
- **Behavioral indicators:** Evidence of IT system impact requiring orderly restoration.
## Response Actions
- **Containment measures:** Steps were taken to "safeguard operations."
- **Eradication steps:** Not explicitly detailed.
- **Recovery actions:** Working toward an "orderly restoration" of affected systems.
## Lessons Learned
- **Key takeaways:** The incident highlights the ongoing threat landscape targeting the aviation sector (noted in context of a recent WestJet incident). Maintaining operational safety despite IT disruptions is a critical challenge.
- **What could have been done better:** The speed and scope of recovery depend on prior segmentation and backups, though the article does not specify deficiencies.
## Recommendations
- Maintain robust segmentation between critical flight operations systems and potentially vulnerable IT environments.
- Ensure rapid engagement protocols are in place with federal authorities (e.g., FBI, CISA) when cybersecurity events occur.
- Develop clear internal and external communication plans to manage disclosures regarding system outages and potential data exposure.