Opinion: CyberAttacks—The Emerging Travel Risk In 2025

Malicious actors have increasingly targeted the travel industry in recent months, prompting growing concern among experts. Cyberattacks on airlines, rail systems, and booking platforms are on the rise—and the likelihood of more attacks in the coming weeks and months is high

There are many things a traveler typically considers before a trip: a valid passport, local currency, cultural differences, language barriers, and general safety risks. Most still focus on avoiding pickpockets or steering clear of unsafe neighborhoods when booking an Airbnb. But it may be time to add cyberattacks to the list of travel concerns.

A recent report revealed a staggering  600% increase in ransomware attacks on the aviation sector. Between January 2024 and April 2025, around 22 different ransomware groups were behind 27 major cyberattacks.

In the past few days, we’ve seen outages and incidents generated by hackers toward popular airlines and train systems. Hawaiian Airlines confirmed its IT systems had been hit by a cyberattack on June 26. Australia’s flagship airline, Qantas, lost data from  around 6 million customers in a cyberattack and reported it on July 2. The U.S. Cybersecurity and Infrastructure Security Agency warned that a vulnerability in the U.S. train system could allow hackers to control brakes remotely on July 10. A few days later, Alaska Airlines had to ground all 200 of its planes for three hours due to an IT outage on July 21. And this week, pro-Ukraine hackers claimed an attack on Russia’s national airline, Aeroflot, forcing the airline to cancel over 40 flights and delay dozens more.

What is happening in the travel industry? While many details remain unclear, one fact is undeniable: tens of millions of passengers have already been affected by recent cyber threats. Even the world’s largest airlines have struggled to prevent disruptions and data breaches.

Travelers and Airlines Are Losing Control of Data

It might be time for travelers to start demanding stronger cybersecurity measures from their preferred airlines. One of the most frequent incidents in the travel industry in recent weeks has involved ransomware attacks, where malicious actors gain access to travelers’ personal data.

Fortunately, in most cases, financial information and passport IDs have been stored in encrypted systems that hackers haven’t been able to reach. But what about email addresses, home addresses, full names, phone numbers, and even biometric data?

More and more airlines have fallen victim to sophisticated cyberattacks, prompting warnings from cybersecurity experts.

“The aviation industry has become a digital battlefield with significant economic and geopolitical interests at stake,” said Ivan Fontarensky, CTO, Cyber Detection and Response at Thales, in its recent report on ransomware attacks in the aviation sector.

“The sharp increase in the number of attacks calls for a holistic approach to aviation cybersecurity, further moves to incorporate AI as an ally, and closer collaboration between industry and the public sector.”

Stakes Are Higher For Frequent Travelers

Those travelers who rely on the same travel companies to reach multiple destinations every year are at greater risk. It’s often more convenient to share personal information with these companies to speed up the booking process. But that convenience comes at a cost: the more information stored, the more attractive the target becomes for cybercriminals.

Frank Harrison, Regional Security Director of the Americas at World Travel Protection, said in a recent interview with Business Travel News that travel managers must monitor travel data closely.

“For business travelers and travel managers, the stakes are particularly high,” Harrison said in an email. “Exposed personal information can result in identity theft or fraud, while operational disruptions may impact key business activities. Organizations should ensure robust cybersecurity practices are in place, such as using strong, unique passwords, enabling multi-factor authentication, and educating employees about phishing risks.”

But data theft from vulnerable internal systems isn’t the only threat passengers face while traveling in 2025.

Avoid Airport Wi-Fi And USB Ports

As sophisticated cyberattacks targeting travel service providers continue to evolve, more traditional airport risks—like free Wi-Fi and USB charging stations—haven’t gone away. In fact, the once-overlooked technique known as “juice jacking” is making a comeback, as hackers have found inexpensive ways to tamper with public USB ports.

“Hackers can install malware at USB ports (we’ve been told that’s called ‘juice/port jacking’),” said the U.S. Transportation Safety Administration (TSA) on Facebook earlier this year. “So, when you’re at an airport, do not plug your phone directly into a USB port. Bring your TSA-compliant power brick or battery pack and plug in there.”

The TSA also recommends avoiding airport Wi-Fi—especially when making purchases or accessing sensitive information. While many mobile apps like WhatsApp and iMessage use end-to-end encryption, not all websites are secure, and travelers risk connecting to “evil twin” networks—fake Wi-Fi hotspots set up by hackers to mimic legitimate ones.

Delays At The Airport

Another growing issue linked to recent cyberattacks is widespread delays, long lines, and overcrowded airports. After Alaska Airlines grounded its entire fleet and delayed flights for over three hours, travelers shared videos and photos of packed terminals and exhausted passengers desperate to reach their destinations.

Trying to fly back to Austin from Seattle. Sea-Tac is a madhouse right now. Alaska Airlines ground stop. These crowds speak for themselves. pic.twitter.com/JzQ4YdHF11

— Adam Bennett (@AdamBennettKVUE) July 21, 2025

Similar scenes—hundreds of people waiting in terminals for systems to be restored or flights to resume—have flooded social media as multiple airlines around the world grapple with cyber incidents.

There are reports that it might take several months to restore Aeroflot’s systems.

The company itself continues calling this a “glitch in the IT system”. https://t.co/zU1uMXyjgc pic.twitter.com/0pOkPoGMKI

— Anton Gerashchenko (@Gerashchenko_en) July 28, 2025

In these moments of frustration, it becomes even more tempting for travelers to connect to free Wi-Fi or plug into public USB charging stations—unwittingly putting their personal data at risk.

Cybersecurity Measures for Travelers

As a customer, it can be difficult to know whether your airline or train service provider has implemented strong cybersecurity measures to protect the data you share. Fortunately, there are still steps travelers can take to safeguard themselves.

Start by ensuring your devices are fully charged before heading to the airport, and carry a reliable power bank. Download your favorite shows or work files over a secure home network ahead of time. In 2025, protecting your entertainment—and your data—has become more important than ever.

Flight disruptions and outages caused by cyberattacks are no longer rare exceptions; they’re increasingly part of the travel experience, not just typical airline delays. Using a trusted VPN can also offer an extra layer of protection and peace of mind.

While travelers can take steps to stay safe, it’s equally important to demand that travel service providers respond to this growing threat. Companies must take responsibility for strengthening their systems and protecting customer data in light of the rising wave of cyberattacks.

And, finally, just brace yourselves. Experts such as Bruce McIndoe, president of McIndoe Risk Advisory, warned recently: “This is going to continue for months and months as they continue to be successful.”