Japan Airlines (JAL), one of the country's largest air carriers, was targeted in a cyberattack on December 26, causing delays to more than 20 domestic flights during one of the busiest travel periods of the year. The incident disrupted operations for several hours but did not compromise flight safety, the airline confirmed.
The attack began early Thursday morning, disrupting JAL's internal and external computer systems. The airline identified the issue as a Distributed Denial of Service (DDoS) attack-a method designed to overwhelm networks with excessive data transmissions, rendering systems unresponsive. JAL swiftly restored its systems, resuming ticket sales and normal operations within hours. The airline emphasized that no customer data was compromised and no computer viruses were involved.
The cyberattack struck during Japan's peak travel season as millions of people prepared to return to their hometowns for the New Year holidays. Television footage showed crowded terminals at Tokyo's Haneda Airport, with passengers scrambling to adjust to the delays caused by the disruption.
"JAL's ticket sales for both domestic and international flights scheduled for departure on Thursday were suspended," the airline stated. However, the suspension was lifted once the systems were stabilized.
Chief Cabinet Secretary Yoshimasa Hayashi commented on the incident, stating that the transport ministry had instructed JAL to expedite system repairs and provide support to affected passengers. Other Japanese airlines, including ANA Holdings, Skymark, and Starflyer, were not impacted.
Japan Airlines is no stranger to cybersecurity challenges. The attack raises fresh concerns about the vulnerabilities in Japan's digital infrastructure. Experts have frequently warned about the nation's cybersecurity shortcomings, particularly as it strengthens defense ties with countries like the United States, where cyber defenses are more robust.
The incident comes on the heels of other high-profile cyberattacks in Japan. In June, the Japan Aerospace Exploration Agency reported a series of cyberattacks, although sensitive defense-related data was not compromised. Similarly, a cyberattack last year paralyzed operations at a container terminal in Nagoya for three days. These incidents highlight the growing need for enhanced cybersecurity measures across critical sectors.
DDoS attacks, like the one targeting JAL, are notoriously difficult to attribute to specific actors. They often leverage compromised devices, including Internet of Things (IoT) equipment, to flood systems with traffic. Cybersecurity firm Cloudflare likens such attacks to an "unexpected traffic jam clogging up the highway, preventing regular traffic from arriving at its destination."
The motive and identity of those responsible for the JAL attack remain unclear. While no group has claimed responsibility, the incident underscores the rising threat of cyberattacks on critical infrastructure during high-pressure times.
