Cyber Incident Victim: Japan Airlines
Date:
Dec 2024
Location:
Japan
Summary
Japan Airlines experienced a system malfunction caused by a distributed denial-of-service (DDoS) attack that disrupted network equipment, leading to flight delays, suspension of same-day ticket sales, and impacts on passenger baggage management systems and mobile services. The carrier restored operations after temporarily shutting down affected systems, confirming no customer data leaks, virus damage, or flight safety compromises, though over 40 flights were delayed across domestic and international routes during the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 26, 2024, Japan Airlines (JAL) experienced a cyberattack that disrupted its operations, leading to delays for multiple domestic and international flights. The incident stemmed from a sudden surge in traffic targeting network equipment responsible for data communication with external systems, consistent with a distributed denial-of-service (DDoS) attack. Upon detecting the malfunction, JAL temporarily shut down the affected system to contain the disruption. This action necessitated the suspension of same-day ticket sales and impaired certain passenger-facing online services. The attack also impacted systems managing passenger baggage handling and rendered the airline’s mobile app inoperable. JAL confirmed no compromise of customer information occurred and stated no computer viruses caused damage to its infrastructure. Flight safety remained unaffected throughout the incident. The airline advised passengers with delayed or canceled flights to contact its support channels for assistance. Over 40 flights across Japanese airports faced delays on the day of the attack, though some disruptions were attributed to unrelated factors like adverse weather conditions. JAL did not identify the threat actors responsible for the attack in its initial statements.
The airline restored its systems by the following day, December 27, and announced normal flight operations would resume as scheduled. Service recovery included reactivating the baggage management infrastructure and mobile app functionality. JAL emphasized operational continuity while acknowledging lingering passenger inconvenience from the previous day’s disruptions. No further technical details regarding attack mitigation or forensic findings were disclosed publicly. The incident highlighted persistent cybersecurity risks within the aviation sector, though JAL’s containment measures prevented prolonged operational paralysis. Passenger communications focused on logistical updates rather than technical specifics of the attack vector or defensive actions taken. Flight schedules stabilized following system restoration, with no additional delays linked to the cyberattack beyond the initial 24-hour period.