By Peter Boylan
The Federal Bureau of Investigation is investigating the “cybersecurity event” that plagued Hawaiian Airlines for at least three days last week as part of the alleged actions of an international group of cyber-thieves known as Scattered Spider.
Hawaiian Airlines, a subsidiary of the Alaska Air Group, has not said if customer or corporate data was compromised, nor have company officials detailed what exactly happened to their information technology systems or if a ransom demand was made.
However, spokesperson Alex Da Silva said Wednesday that the company’s investigation of “a cyber-security event that affected some of our IT systems is ongoing with third-party experts and relevant authorities. Our immediate priority has been to protect our systems and data, and to ensure continued secure and safe operations.”
“We continue to safely operate our full schedule – flights and reservations have not been impacted,” Da Silva said. “We are committed to sharing more information as it becomes available.”
Scattered Spider targets large companies and their contracted IT help desks, engaging in data theft for extortion. The group is known to use BlackCat/ALPHV ransomware, according to a Nov. 16, 2023, advisory from the FBI and the Cybersecurity and Infrastructure Security Agency.
On Thursday, Hawaiian Airlines posted a note on its website saying the company was “addressing a cybersecurity event that has affected some of our IT systems.” The airline assured the public that the safety and security of its customers and employees remained a top priority and that flight operations were not affected.
A day after disclosing to the public that its systems had been hacked, the airline reported the incident Friday to the U.S. Securities and Exchange Commission. That disclosure revealed the company was aware of the cyber intrusion at least three days before it made the breach public.
The SEC disclosure said that on June 23, the airline identified “a cybersecurity incident affecting certain information technology systems. Upon learning of this event, we immediately took steps to safeguard Hawaiian’s operations and systems. Flights are currently operating safely and as scheduled. We have engaged the relevant authorities and experts to assist in our investigation and ongoing remediation effort.”
The company in its disclosure said it had yet to determine whether the incident “is reasonably likely to materially impact” Hawaiian’s financial condition or operations results.
The same day as the SEC disclosure, the FBI issued a national alert noting the cybercriminal group Scattered Spider was “expanding its targeting” to include the airline sector.
“These actors rely on social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access. These techniques frequently involve methods to bypass multi-factor authentication (MFA), such as convincing help desk services to add unauthorized MFA devices to compromised accounts. They target large corporations and their third-party IT providers, which means anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk,” the FBI said in the alert.
The agency said it is actively working with aviation and industry partners to address the threat and assist victims.
“Early reporting allows the FBI to engage promptly, share intelligence across the industry, and prevent further compromise. If you suspect your organization has been targeted, please contact your local FBI office,” the alert said.
FBI officials in Hawaii and Washington, D.C., declined to comment further.
Scattered Spider is the same group behind the 2023 hack of MGM Resorts and Caesars Entertainment that cost the companies millions of dollars, according to CSO Online, a publication serving “enterprise security decision-makers and users.”
Hawaiian Airlines was targeted along with Canadian carrier WestJet and Australian airline Qantas.
The Scattered Spider group is also known as UNC3944, Starfraud, Scatter Swine, Muddled Libra, Octo Tempest and 0ktapus.
Between May and June, the group hacked retailers including Marks & Spencer, Harrods, Cartier, Victoria’s Secret and Adidas, and the insurance companies Aflac and Philadelphia Insurance Cos., according