Japan Airlines recovers from cyber-attack; announces resumption of flights from Dec 27

Japan Airlines (JAL), the second-largest carrier in Japan after All-Nippon Airways (ANA), is the latest victim in the series of cyber-attacks on the global aviation sector in recent times. However, JAL recovered swiftly from the December 26 cyber-attack, which had delayed many flights, and announced by evening (around 7.40pm in Japan) that its systems were restored and flight movements would be normalised from December 27.

An X post by Japan Airlines informed today: “[Notice regarding network equipment malfunction as of 19:40]. There was a system malfunction with our network equipment today, but it has now been resolved. As of now, flights for tomorrow, December 27th, are scheduled to operate as normal. We apologize for any inconvenience caused.”

Earlier in the day, Associated Press had reported that “the cyber-attack had delayed 24 domestic flights for more than 30 minutes”.

The news agency quoted Japan Airlines as saying that “the problem started [on] Thursday morning when the company’s network connecting internal and external systems began malfunctioning”.

Soon, Japan Airlines identified the root cause of the trouble “as an attack intended to overwhelm the network system with massive transmissions of data”.

AP explained that cyber-attacks of this type “flood a system or [a] network with traffic until the target cannot respond or crashes”. In tech parlance, this is called a “DDoS attack”, short for “distributed denial of service”.

Japan Airlines said that there was no virus in its system or any customer data leaks resulting from the cyber-attack. It had first noticed the problem this morning (around 7.25am in Japan) when snags began to crop up in its luggage check-in system. Acting quickly, the carrier suspended all ticket sales — domestic and international — for the rest of the day.

The aviation sector remains highly vulnerable to cyber-crimes, as said in a December 2024 report by the global commercial law firm Clyde & Co. “The aviation industry has seen a surge in ransomware attacks in recent years and cyber incidents are a serious threat to business continuity, as was seen during the recent CrowdStrike outage in July 2024 which although not caused by bad actors, brought chaos to many airlines as well as other industries,” it said in the summary of findings.

Data shows that cyber-attacks rose by 131% between 2022 and 2023 across the aviation industry, with the highest proportion of attacks focussed on airspace users. The financial and reputational implications for the aviation industry of failures in cyber-security are enormous.

Clyde & Co market insight report

The CrowdStrike outage affected a number of business sectors, from aviation to banking, and even medical services. This outage was not caused by “bad actors” in the sense that the reason was a faulty update to security software and not a cyber-crime incident. However, it revealed how easily digitalised systems could be impacted.