Introduction

Cyber risk in aviation now affects far more than IT systems - it can directly impact operations, maintenance planning, and compliance assurance.

This article reviews real aviation cyber incidents from 2022 to 2026 to show how disruptions spread across operational and MRO interfaces, highlighting common failure modes and the practical controls organisations can apply to strengthen resilience. Guest post by Sofema Instructor - Rustom Sutaria. 

1. 2022: Swissport Ransomware – Ground Handling & Cargo Interface

In 2022, Swissport was hit by ransomware and took systems offline while containing the incident.

•  Operational impact: Airport operations shifted to manual processing, causing queues, missed connections, and delay propagation across airline networks.

•  Maintenance impact/MRO lens: Slower turnarounds created schedule instability, rotation changes, and increased line maintenance volatility.

•  Key question: Who “owns” the operational risk when on-time performance depends on third-party cyber resilience?

 

2. 2022: Jeppesen (Boeing) Cyber Incident – Flight-Planning Systems

In 2022, Jeppesen services were impacted by a cyber incident that disrupted certain flight-planning products and related services.

•  Operational impact: Dispatch became data-limited, with planning, routing, and navigation-data distribution constraints creating potential operational hazards.

•  Maintenance impact/MRO lens: Irregular operations - including re-routes, altered alternates, and changes in MEL utilisation - shifted maintenance planning assumptions and influenced deferred defect trajectories.

•  Key question: Where is your organisation’s “minimum viable dispatch” line when flight and maintenance planning tools are degraded?

 

3. 2023: FEAM Aero Ransomware Claim - MRO & Line Maintenance Footprint

In 2023, FEAM Aero was publicly reported to have been a ransomware victim, highlighting the vulnerability of multi-station maintenance providers to cyber disruption.

•  Operational impact: Disruption across an MRO network can slow return-to-service timelines and reduce maintenance availability for customer operators.

•  Maintenance impact/MRO lens: IT outages can disrupt workpacks, task cards, parts ordering, engineering records, and access control, jeopardizing record integrity and traceability.

•  Key question: What actions should be taken if an MRO cannot access its maintenance system of record for 48 hours?

 

4. 2023: Boeing Parts & Distribution Cyber Incident – Supply Chain Shock

In 2023, Boeing reported a cyber incident affecting parts and distribution operations, highlighting the vulnerability of aviation supply chains to digital disruption.

•  Operational impact: While less visible than a flight-operations outage, a supply disruption can quietly increase delays by reducing parts availability and creating logistics constraints.

•  Maintenance impact/MRO lens: Spares shortages can extend AOG time, force logistics workarounds, and increase reliance on alternative sourcing, where quarantine and traceability controls become critical.

• Key question: How does cyber resilience appear within your spares performance indicators, such as fill rate, backorder age, and AOG exposure?

 

5. 2024: Technical Dependence Fragility

Industry commentary increasingly highlights that aviation’s interconnected, legacy-heavy technology environment can experience major disruption even without a confirmed cyberattack.

•  Operational impact: Contingency planning must address both cyber and non-cyber technology failures, ensuring organisations can operate safely in degraded modes using manual fallbacks and clear prioritisation.

•  Maintenance impact/MRO lens: Digitisation (eTech logs, e-
signatures, connected tooling) demands credible offline ‘work-as-done’ procedures and reconciliation.

•  Key question: Which safety-critical maintenance tasks in your organisation cannot tolerate loss of digital identity or access services?

 

6. 2025: Hawaiian Airlines Cyber Incident - Airline Internal IT Disruption

In 2025, Hawaiian Airlines reported a cybersecurity incident that disrupted parts of its IT systems while confirming that flight operations continued safely.

• Operational impact: The event highlighted the importance of clearly separating IT service disruption from actual safety impact, particularly when managing public messaging and coordinating with regulators.

• Maintenance impact/MRO lens: Even when flying continues, maintenance control, access to technical records, defect management, and release documentation can all be affected by reduced data availability or integrity concerns.

•  Key question: Which maintenance decisions in your organisation become higher risk when data integrity or system availability is uncertain?

 

7. West Jet Cybersecurity Incident - App & Internal Systems: Later Notifications

In 2025, WestJet disclosed a cybersecurity incident affecting its internal systems and customer app, with later reports indicating possible exposure of passenger data.

•  Operational impact: Disruption to customer-facing systems increased communication pressure, while peaks in support demand increased the risk of social engineering attempts.

•  Maintenance impact/MRO lens: Helpdesk overload and credential-reset workflows can affect contractor and vendor accounts, creating potential access risks for maintenance and engineering support functions.

•  Key question: How does your organisation secure contractor access when support channels are overloaded during an incident?

 

8. Qantas Customer-Data Breach

In 2025, Qantas confirmed a cyberattack that potentially exposed customer data via a third-party contact centre platform.

•  Operational impact: The incident highlighted the risk of supplier concentration, showing that disruption outside airline core systems can still create significant operational exposure.

•  Maintenance impact/MRO lens: The same dependency pattern exists across maintenance ecosystems, including hosted engineering tools, external service providers, training platforms, and parts marketplaces.

•  Key question: How does your organisation assure the security of critical suppliers without inheriting their full risk exposure?

 

9. Collins Aerospace Cyberattack - Vendor Multi - Airport  Disruption

In 2026, a cyberattack affecting Collins Aerospace disrupted check-in and boarding systems at multiple major European airports.

•  Operational impact: The event demonstrated a shared-service concentration risk, in which a single supplier outage triggered manual processing, delays, and cancellations across several hubs.

•  Maintenance impact/MRO lens: Large-scale, irregular operations increased line maintenance volatility and raised the risk of documentation errors under time pressure.

•  Key question: What policies does your organisation have to protect maintenance documentation quality during mass disruption and manual operations?

 

What Aviation Organisations Should Focus on Now

Strengthening resilience at the operational–maintenance interface comes down to three priorities:

• Harden systems by identifying critical digital dependencies, reducing supplier risk, securing access controls, and protecting maintenance records.

• Train people to operate safely in degraded conditions, including dispatch, maintenance teams, contractors, and suppliers.

• Verify controls through testing offline procedures, validating degraded-mode operations, and auditing supplier resilience.

 

Next Steps

Sofema Aviation Services and Sofema Online provide Information and Cyber Security Regulatory Training as Classroom, Webinar and Online Training – Please see the websites or email team@sassofia.com.