Turbulence in the Clouds: How Hackers are Targeting the Global Airline Industry Amidst Rising Passenger Traffic

Cybersecurity challenges in the aviation industry
May 9, 2024 Cyber Security
-By Ashwani Mishra, Editor-Technology, 63 SATS

As the global aviation industry braces for a significant uptick in passenger numbers, projected to reach 4.7 billion in 2024 (as per IATA), airlines face a parallel threat that undermines the celebration of growth: severe cybersecurity breaches.

The recent years have been particularly turbulent, with several major airlines falling victim to sophisticated cyber-attacks, exposing sensitive personal data and shaking consumer confidence.

Globally, approximately 23.328 million customers have been impacted by a data breach in the aviation industry over the past few years.

A notable incident involved American Airlines and Southwest Airlines, where the personal details of thousands of pilot applicants were compromised due to a breach in the Pilot Credentials recruitment software. Detected in late April, the hack affected over 8,000 applicants, majority to American Airlines, sparking concerns over identity theft and unauthorized data use.

Qantas also suffered a privacy mishap, not from malicious intent but due to a technological fault in their system updates, which inadvertently exposed the personal details of other passengers on their app. While this wasn’t a targeted attack, it highlighted the vulnerabilities that can arise from internal IT environments.

In November last year, Germany’s leading airline, Lufthansa, suffered a significant IT malfunction. This incident may have been caused by a deliberate cyberattack orchestrated by the hacking group KillMilk.  The group later wrote, “Now we know how to halt the navigation and technical systems of any airport worldwide.”

Cybersecurity Breaches are Costing Airlines Millions

The stakes are high, as demonstrated by the infamous British Airways data breach in 2018, which resulted in a hefty £20 million fine after personal and credit card information of over 400,000 customers was compromised. Similarly, easyJet disclosed a sophisticated attack in 2020 affecting nine million customers, emphasizing the potential scale and impact of such breaches.

Malaysia Airlines reported a protracted nine-year data breach, underscoring the enduring vulnerability that airlines face from third-party IT service providers.

This breach echoed the extensive data compromise at Air India Limited , orchestrated by the notorious APT41 group, affecting 4.5 million passengers and illustrating the global and interconnected nature of aviation cybersecurity threats.

Adding to the list of affected carriers, Gulf Air , the national air carrier for the Kingdom of Bahrain, recently confirmed a data breach likely leading to the theft of sensitive customer information. This incident underlines the global nature of the threat, affecting carriers big and small across all regions.

Fortifying the Fleets

The narrative is stark – as airlines navigate increased passenger volumes and complex digital ecosystems, the importance of robust cybersecurity measures has never been more critical.

From enhancing cyber hygiene to strict monitoring of third-party vendors, airlines must fortify their defenses to safeguard passenger data against the growing tide of cyber threats.

The question remains: how will the industry adapt and strengthen its shields against these invisible assaults?

Share your thoughts on how airlines can improve their IT resilience and protect customer information amidst these digital skirmishes.

Cyber Storms The Escalating Threat to Airlines in a Booming Travel Era 3A 1 63 Sats Cybersecurity India