
Why summer travel is a cyber criminal's playground—and how to fight back

April 11, 2026


With Scattered Spider’s rapid pivot into aviation—bolstered by an FBI alert—and an unprecedented summer travel surge, the stakes have never been higher. Robust identity verification, hardened MFA, segmented networks, and vigilant travelers together form the strongest defense to keep flights—and vacations—flying smoothly.

With the summer travel season at its peak, the transportation and airline industries find themselves in the crosshairs of increasingly sophisticated cyber adversaries. Among the most alarming is Scattered Spider, a group the FBI now warns is deliberately targeting aviation companies to steal sensitive data, deploy ransomware, and disrupt operations. At the same time, record‐breaking passenger volumes over holidays like the Fourth of July only magnify the potential impact—on both carriers and the millions of travelers who depend on them.

FBI Warning: Scattered Spider Targets Airlines
On June 28, 2025, the FBI took the rare step of posting an alert on X (formerly Twitter), urging U.S. carriers and their IT providers to harden defenses against Scattered Spider. Key tactics include:

Social engineering: Impersonating employees or contractors to trick help‐desk personnel into resetting credentials or registering unauthorized MFA devices.

MFA bypass: Convincing support staff to add rogue MFA tokens, granting attackers persistent access.

Data theft & extortion: Once inside, the group steals customer and corporate data for ransom or to fuel extortion campaigns.

 

Recent U.S. Incidents in Aviation & Transport
| Date | Organization | Incident | Records Affected |
|---|---|---|---|
| June 13–16, 2025 | WestJet | Internal‐systems breach causing intermittent app/website errors | N/A |
| June 26, 2025 | Hawaiian Airlines | IT‐system disruption indicative of ransomware, flights unaffected | N/A |
| June 30–July 1, 2025 | Qantas | Unusual activity on contact‐centre platform, up to 6 million customer records exposed | ~6 million |
| June 6, 2025 | Texas DOT | Improper download of ~300,000 crash reports with personally identifiable driver data | ~300,000 |
| June 9, 2025 | Zoomcar (India/US) | Data theft, 8.4 million user records offered for sale | ~8.4 million |

Airline Focus: Though WestJet and Hawaiian Airlines confirmed only operational hiccups and no flight delays, the pattern mirrors classic Scattered Spider methodology—social engineering followed by system lock‐downs or data grabs.

Why Summer Travel Is Particularly Vulnerable
1.  Record Volumes:  72.2 million Americans expected to travel ≥50 miles during July 4–6, 2025 (up 1.7 million YoY).

2.  TSA projects screening 18.5 million airline passengers between July 1 and July 7, with a peak of 2.9 million on July 6.

3.  Staffing & Fatigue:  Holiday shifts often run lean, and overworked IT/help‐desk personnel are more susceptible to social-engineering ploys.

4.  Surge in Automated Attacks:  Fortinet reports global automated scanning rose 16.7%, hitting 36,000 scans/sec, while 1.7 billion stolen credentials circulate on dark-web markets—driving a 42% surge in credential-based attacks. The U.S. alone faced 61% of ransomware incidents in 2024.

 

Potential Impacts & Costs
Minor Disruptions: Temporary loss of website or app functionality can delay check-ins, frustrate passengers, and overload call centers.

Major Breaches: Theft of PII leads to identity fraud, regulatory fines, and loss of customer trust. IBM reports the global average cost of a data breach reached USD 4.88 million in 2024—a 10% increase YoY.

Ripple Effects: Disruptions cascade through partner ecosystems—ground handlers, catering services, and interline carriers—multiplying operational headaches.

Hardening Measures for Airlines & Transport Operators
Strengthen Help-Desk Protocols

1.  Enforce multi-factor verification (e.g., callback to corporate directory) before resetting credentials.

2.  Use “secret shopper” exercises to test staff adherence.

Phishing-Resistant MFA

1.  Migrate to hardware-based tokens (e.g., FIDO2 keys) or push-based mobile authenticators less prone to social-engineering circumvention.

Network Segmentation & Monitoring

1.  Isolate critical systems (reservation platforms, crew-scheduling servers) behind strict firewalls and zero-trust micro-segments.

2.  Deploy behavioral-analytics tools to flag anomalous logins or data exfiltration.

Incident Response Readiness

1.  Maintain playbooks for rapid containment, forensic triage, and communication with regulators (e.g., TSA cybersecurity liaison, FBI).

2.  Conduct quarterly tabletop exercises simulating Scattered Spider tactics.
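
Detection logic for the help-desk and monitoring items above, added here as an example and not taken from the FBI alert or from any vendor tool: it flags a password reset performed by someone other than the account owner that is followed within 30 minutes by a new MFA device registration on the same account. The event field names, the 30-minute window and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample identity-provider audit events (hypothetical schema, not real logs).
EVENTS = [
    {"ts": "2025-07-01T08:00:00", "user": "crew.sched1", "actor": "crew.sched1",
     "action": "login_success", "ip": "10.1.4.20"},
    {"ts": "2025-07-03T02:10:00", "user": "crew.sched1", "actor": "helpdesk.agent7",
     "action": "password_reset", "ip": "10.1.0.9"},
    {"ts": "2025-07-03T02:18:00", "user": "crew.sched1", "actor": "crew.sched1",
     "action": "mfa_device_registered", "ip": "203.0.113.50"},
    # Self-service reset: actor is the account owner, so no help-desk involvement.
    {"ts": "2025-07-03T09:00:00", "user": "ops.lead2", "actor": "ops.lead2",
     "action": "password_reset", "ip": "10.1.9.5"},
    {"ts": "2025-07-03T09:05:00", "user": "ops.lead2", "actor": "ops.lead2",
     "action": "mfa_device_registered", "ip": "10.1.9.5"},
    # Help-desk reset, but enrollment happens six hours later (outside the window).
    {"ts": "2025-07-03T10:00:00", "user": "res.agent3", "actor": "helpdesk.agent2",
     "action": "password_reset", "ip": "10.1.0.9"},
    {"ts": "2025-07-03T16:00:00", "user": "res.agent3", "actor": "res.agent3",
     "action": "mfa_device_registered", "ip": "10.1.7.7"},
]

def flag_reset_then_enroll(events, window=timedelta(minutes=30)):
    """Alert when a reset done by someone else is followed by MFA enrollment within `window`."""
    alerts, last_reset, known_ips = [], {}, {}
    for ev in sorted(events, key=lambda e: e["ts"]):  # same-format ISO timestamps sort lexically
        ts, user = datetime.fromisoformat(ev["ts"]), ev["user"]
        if ev["action"] == "login_success":
            known_ips.setdefault(user, set()).add(ev["ip"])
        elif ev["action"] == "password_reset" and ev["actor"] != user:
            last_reset[user] = (ts, ev["actor"])  # remember who performed the reset
        elif ev["action"] == "mfa_device_registered" and user in last_reset:
            reset_ts, agent = last_reset[user]
            if ts - reset_ts <= window:
                alerts.append({
                    "user": user,
                    "reset_by": agent,
                    "minutes_after_reset": int((ts - reset_ts).total_seconds() // 60),
                    # Enrollment from an address never seen on a prior login raises priority.
                    "new_ip": ev["ip"] not in known_ips.get(user, set()),
                })
    return alerts

if __name__ == "__main__":
    for alert in flag_reset_then_enroll(EVENTS):
        print(alert)
```

The `reset_by` field gives the incident-response team the help-desk agent to contact for the call recording or ticket behind the reset.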

Tips for Travelers
Avoid Public Wi-Fi: Use personal hotspots or trusted VPNs in airports/hotels.

Verify URLs Manually: Access airline and booking sites directly; beware of phishing SMS or email links.

Enable MFA: Wherever available, on loyalty programs and booking platforms.

Monitor Statements: Early detection of unauthorized charges or account changes.

Stay Informed: Follow carrier advisories and enroll in security alerts—62% of travelers report heightened concern about online safety this summer.

As the FBI’s June 28 advisory makes clear, Scattered Spider isn’t testing defenses—it’s actively exploiting social‐engineering gaps in airlines and transport systems. With TSA screening nearly 18.5 million passengers in the first week of July alone and the average cost of a data breach now at $4.88 million, the financial and operational stakes have never been higher.

The path forward is twofold: carriers must harden their perimeters—enforcing phishing‐resistant MFA, tightening help‐desk verification, micro‐segmenting networks, and routinely running incident‐response drills—while travelers do their part by using trusted VPNs, verifying URLs manually, and enabling MFA on all travel‐related accounts. Only through this shared vigilance can we ensure that summer travel remains an adventure to remember, not a cautionary tale.

 

Sources:  Travel Weekly, BBC, Reuters, Dark Reading
