Five days after Hawaiian Airlines quietly disclosed a cybersecurity breach, travelers still haven’t been told what information may have been compromised or how they may be affected. That silence from Hawaiian is drawing more scrutiny, especially after the FBI confirmed that a sophisticated group of hackers is now actively targeting the US airline industry.
Meanwhile, other airlines hit in the same wave of attacks have already notified passengers, explained what went wrong, and offered support.
How other airlines responded quickly.
Qantas moved fast. The Australian airline reported that hackers had accessed a third-party call center system and breached a database containing the personal data of six million passengers. Within 48 hours, Qantas notified federal authorities, confirmed what types of data were involved, and began contacting customers. The airline also created a dedicated helpline and web page to support affected passengers.
WestJet in Canada issued a public statement the same day its systems were disrupted. It confirmed the nature of the attack, explained what services were impacted, and coordinated with cybersecurity agencies. Regular updates from the airline were sent every 12 hours.
These airlines did not delay communication. They did not minimize the issue. And they did not leave passengers guessing. Even if Hawaiian cannot yet explain exactly what happened, saying that much would be better than saying nothing.
Hawaiian’s silence breaks the pattern.
Hawaiian Airlines issued just one brief statement confirming what it called a “cybersecurity event.” The airline stated that its flights were operating normally and had contacted the relevant authorities. But five days later, that is all travelers have been told.
There has been no update, no disclosure of what systems were affected, and no indication whether customer information, including HawaiianMiles profiles, may have been accessed. There is no helpline, no FAQ, and no support link on Hawaiian’s site. The airline has offered no public reassurance beyond a vague acknowledgment that an incident occurred.
You can read Hawaiian’s only public statement here, dated June 26:
https://newsroom.hawaiianairlines.com/releases/hawaiian-airlines-cybersecurity-event
One reader told us, “I waited three hours on hold just to confirm a seat change because the app was down. Now we find out it might have been a hack? We deserve more than silence.”
Why this matters more in Hawaii.
Unlike other US carriers, Hawaiian Airlines plays an outsized role in the state’s travel infrastructure. It is the primary option for interisland flights and the airline of choice for many Hawaii residents and frequent visitors. Most regular flyers have loyalty profiles tied to the HawaiianMiles program, often connected to credit cards and saved personal information.
For many travelers, these profiles include not just names and email addresses, but passport and TSA numbers, birthdates, and saved payment methods. That is the kind of data hackers use to take over accounts, issue fake refund requests, or reset credentials.
If that data were exposed, passengers deserve to know. If it was not, they deserve to be told that, too.
What kind of data could be at risk.
Qantas confirmed that names, contact information, dates of birth, and frequent flyer numbers were accessed. It did not believe financial data was compromised because payment systems are stored separately.
Hawaiian has not said whether anything similar occurred. But most airlines store traveler data across multiple systems, typically involving third-party vendors. That includes booking histories, mileage balances, stored cards, and account preferences.
Cybersecurity experts say these kinds of profiles are increasingly being sold online. They can be used to spoof a traveler, access loyalty points, or even enable identity theft if linked with other exposed information.
A common concern we have heard is that most airline IT systems were built for legacy operations, not modern security threats. As one commenter told us, “It is a disgrace to the IT world to call what most airlines have an actual IT system.”
Hawaii travelers still in the dark.
Some travelers are seeing problems. One told us their booking had crashed during payment, and when they refreshed, the fare had increased by over $300. Another was bumped from a flight they had confirmed months earlier, with no explanation.
We can’t say for sure that these issues are tied to the breach. But the timing isn’t helping, and the airline’s silence leaves passengers with no way to make sense of what they’re seeing.
One reader put it plainly: “Why does Qantas know more about their breach 48 hours later than Hawaiian does in five days?” It’s a fair question. And so far, there’s no good answer.
What travelers can do now.
If you have a HawaiianMiles account or have booked travel recently, it’s a good time to log in and check what’s stored. Remove anything you don’t need, especially saved credit cards, passport numbers, and birthdates. Change your password and be vigilant for any unusual activity in your email or loyalty account.
It’s also worth pointing out that Hawaiian still doesn’t offer two-factor authentication. That’s a big gap, especially now. One traveler reported that after miles were stolen from their account, the airline locked it down and required them to book awards by phone. That might be a fix, but it’s not a plan.
What should Hawaiian have done.
Industry best practices are well established. Airlines are expected to disclose when and how they were breached, confirm which data might be affected, notify customers promptly, and provide a clear path for resolution or support. Qantas did that. So did WestJet.
Hawaiian has done none of it. For a carrier that prides itself on service, this is not just a lapse in communication. It is starting to feel like a failure of trust.
Have you experienced booking issues, HawaiianMiles problems, or unusual activity since the cyberattack was announced? Let us know in the comments. We are following this closely.
Get Breaking Hawaii Travel News
Why silence fire so long? Because Hawaiian Airlines is on HST (Hawaii Slow Time)
We got caught up in this. No clear explanations from HA or Barclays’s Bank as our card had to be reissued to us.
Anytime in the USA when a business gets breached or cyber attacked the end result is a statement to contact Equifax, Transunion, Experian and get a free credit report. Surprised the airline hasn’t even made this kind of statement yet. IMO airlines never want to admit fault or liability no mater what.
It’s way worse than that. As reported in Forbes, Time, etc. this past week, over 16,000,000,000(yes, Billion!) accounts ad passwords were discovered by the FBI for sale on the Dark Webb recently.