On December 26, 2024, Japan Airlines (JAL), one of Japan's most iconic and well-known airlines, suffered a cyberattack that severely disrupted its operations. This attack on Japan Airlines coincided with one of the most critical seasons of the year for Japanese air travel, as thousands of people were traveling for the New Year's celebrations.
During this time, Japan’s airports are filled with passengers returning to their homes, which increases the demand for both domestic and international flights from Japan Airlines. The disruption of Japan Airlines' services, which affected both domestic and international routes, not only caused significant delays in more than 20 flights but also led to temporary chaos at airports, especially at Tokyo's Haneda International Airport.
Authorities and the airline were forced to work quickly to restore systems and minimize the negative effects on passengers. This cyberattack on Japan Airlines is not an isolated event but is part of a growing series of cybersecurity incidents that have affected institutions and businesses in Japan.
In recent years, the country has been targeted by multiple large-scale attacks, exposing the vulnerability of its digital infrastructures. Despite the Japanese government's efforts to strengthen cybersecurity and collaborate with international partners like the United States, the technology industry remains a preferred target for cybercriminals.
In this context, the attack on Japan Airlines highlights the urgent need for greater preparedness against cyber threats in critical sectors like aviation. Although Japan Airlines was able to quickly restore its systems and stated that there were no data breaches or security issues with flights, the event highlighted the structural weaknesses and challenges Japan faces in its fight against cybercrime.
This article from ITD Consulting will examine in detail the incident with Japan Airlines, its immediate effects on the airline’s operations and passengers, as well as the lessons learned and measures that should be taken to improve cybersecurity in Japan in the future.
The Cyberattack on Japan Airlines: A Timeline
The attack on Japan Airlines began on the morning of December 26, 2024, around 7:24 a.m. local time. According to reports from Japan Airlines, the incident affected both internal and external systems connecting the company's various operations. Japan Airlines, in an official statement, explained that the problem originated from a failure in the network equipment that linked its internal systems to external ones, a failure that resulted in a significant disruption in data communication between different platforms.
The type of cyberattack Japan Airlines suffered was identified as a distributed denial-of-service (DDoS) attack. In this type of attack, an attacker uses multiple computers to send large volumes of traffic to a victim’s servers, overwhelming the network and causing it to collapse. These attacks are designed to interrupt access to systems or servers, leaving the targeted organization unable to operate normally.
Despite the magnitude of the attack, Japan Airlines assured that it was not a ransomware attack or one aimed at stealing sensitive customer information. Japan Airlines also emphasized that there was no evidence of virus infiltration or data breaches involving passenger information, which was a relief to both customers and the company’s management. Nevertheless, the effects of the cyberattack were immediate, affecting the airline’s operations for several hours.
As a result of this cyberattack, Japan Airlines experienced delays in at least 24 domestic flights, with some of these delays exceeding 30 minutes. Furthermore, Japan Airlines temporarily suspended the sale of tickets for that day’s flights, both domestic and international, which further complicated the situation for passengers.
Although the sale of tickets resumed a few hours later, travelers found themselves caught in a rebooking process while airline officials worked to restore their systems.
The Impact on Passengers and the Airline Industry
Although the attack did not cause mass flight cancellations for Japan Airlines nor compromise the security of those flights, the disruption was significant enough to affect thousands of passengers during one of the busiest air travel seasons in Japan. Images broadcast by the media showed long lines of passengers at Haneda International Airport, one of the largest in Tokyo, trying to manage their delayed or rebooked Japan Airlines flights.
The holiday season is a critical time for air travel in Japan, as millions of people travel to reunite with family for the New Year's celebrations. Delays in Japan Airlines flights, which included both domestic and international destinations, created an atmosphere of frustration and chaos at airports, further complicating already tense circumstances.
The situation at airports was worsened by the proximity of the New Year holidays, one of the most important celebrations in Japan. During this period, the demand for flights increases considerably as millions of people travel back to their hometowns. The fact that the cyberattack on Japan Airlines coincided with this peak in demand meant that the impact was much greater than it would have been during a less busy time.
Although other Japanese airlines, such as All Nippon Airways (ANA) and Skymark Airlines, did not experience similar issues during this incident, the attack highlighted the vulnerability of the Japanese airline sector to potential cyber threats. Airlines are increasingly dependent on information technologies to manage bookings, ticket sales, flight operations, and communication with passengers. A large-scale attack on these systems can have significant repercussions, not only in terms of operations but also in consumer trust.
The Response of Japan Airlines and Japanese Authorities
Japan Airlines’ response to the cyberattack was quick and effective. The airline identified and deactivated the affected router, which allowed for the partial restoration of the impacted systems. Despite the disruptions in operations, Japan Airlines did not suffer a total collapse of its services, which could have worsened the situation even further.
Japan Airlines also ensured that it was working closely with authorities to investigate the origin and scale of the attack, in order to prevent future incidents of this nature. Japan’s Ministry of Transport, led by Chief Cabinet Secretary Yoshimasa Hayashi, urged Japan Airlines to accelerate efforts to restore its systems and accommodate the affected passengers.
During a press conference, Hayashi emphasized the importance of ensuring that flights resumed as quickly as possible, given the high demand for travel during the year-end period. The Ministry also stated that it was closely monitoring the situation and providing assistance to the airline to minimize disruptions for passengers.
Despite the initial difficulties, Japan Airlines’ recovery efforts succeeded in restoring normal operations. Ticket sales resumed hours after the incident, and the delays were managed as quickly as possible. However, the damage to Japan Airlines' reputation and the economic losses resulting from the attack were inevitable, at least to some extent.
Cybersecurity in Japan: Challenges and Vulnerabilities
The cyberattack on Japan Airlines is not an isolated case. Despite being one of the world’s leading economic powers, Japan has faced growing threats in the field of cybersecurity. Digital security experts have repeatedly warned about the vulnerabilities in the country’s critical infrastructures, which range from air transport to national defense and industrial infrastructure.
The incident with Japan Airlines is merely the latest in a series of large-scale cyberattacks targeting Japanese companies and institutions in recent years. In June 2024, Japan's Aerospace Exploration Agency (JAXA) suffered a similar attack, although in this case, sensitive information related to missiles, satellites, and other areas was not compromised.
This attack highlighted the growing threat to Japan’s technological infrastructures, which, despite being highly developed, remain vulnerable to cyberattacks. The private sector has also been targeted by cybercriminals. In 2022, an attack on a supplier to Toyota forced the automaker to halt production in its factories in Japan for an entire day, resulting in significant financial losses.
Moreover, last year, a cyberattack on a container terminal at the Port of Nagoya caused a three-day disruption to operations, affecting supply chains and international trade.
These incidents underline the weaknesses in Japan’s digital infrastructures and the lack of preparedness against cyber threats, despite the Japanese government's efforts to strengthen cybersecurity. Although Japan has made progress in implementing policies and strategies to improve its digital security, cyberattacks continue to be a constant challenge.
Security Measures and Progress
The Japanese government has implemented several initiatives to improve cybersecurity, such as the National Cybersecurity Strategy, which aims to protect the country’s critical infrastructures. In recent years, Japan has also intensified its cybersecurity cooperation with countries like the United States, with the goal of enhancing its capacity to face growing cyber risks. However, digital security experts point out that the country still has more to do to improve the resilience of its critical infrastructures in the face of cyberattacks.
At the corporate level, many Japanese companies still rely on outdated technological infrastructures that are more susceptible to cyberattacks. Furthermore, the lack of skilled cybersecurity personnel is a significant obstacle to a quick and effective response to incidents. Companies must invest in upgrading their systems, improving security protocols, and training their staff to address threats more efficiently.
The cyberattack on Japan Airlines (JAL) not only highlighted the vulnerabilities of one of Japan's leading airlines but also illuminated a crucial global issue: cybersecurity is no longer a luxury or an option, but an urgent necessity, especially in critical sectors such as air transport. Although Japan Airlines' response was efficient, and there were no reports of data leaks or disruptions to flight security, the incident made it clear that the digital landscape is rife with risks that can have immediate and devastating consequences.
The speed with which Japan Airlines' systems were restored and the damage minimized was a testament to the company's internal preparedness, but it is important to remember that cybersecurity resilience is a continuous process, and this attack could have had a much greater impact had swift and appropriate measures not been taken.
This attack on Japan Airlines is just one chapter in a broader narrative of cyber threats that Japan, like many other nations, faces in the digital age. As the country moves toward greater digitalization and automation in sectors such as transportation, healthcare, and industry, cyber infrastructures are becoming increasingly attractive targets for attackers.
As a leader in technology and industrial production, Japan has a responsibility to protect its most valuable assets, both in the corporate and public sectors. This incident underscores that cybersecurity is not just a technological issue but also a matter of national security, as a successful attack could trigger a chain reaction affecting economic and social stability. Therefore, governments and companies must strengthen their collaboration to develop more robust systems and incident response capabilities, preparing to defend against increasingly sophisticated threats.
Moreover, the Japan Airlines attack highlights the need for increased investment in the training and education of cybersecurity experts. Despite the Japanese government's efforts to strengthen its cyber infrastructure, the country remains vulnerable due to a shortage of highly skilled personnel in the field.
Cyber threats are constantly evolving, so it is essential for companies, particularly those managing critical infrastructures like air transport, to invest in the continuous training of their staff to detect and prevent attacks before they occur. This attack on Japan Airlines should serve as a wake-up call for Japan, and for all nations in general, to redouble their efforts to establish a strong cybersecurity culture that not only includes technology but also education, preparedness, and global collaboration.
In an increasingly interconnected world, digital security must be a cornerstone in building a resilient future against cyber threats. f you would like to learn more about the Japan Airlines case and the cybersecurity measures that should be taken to avoid exposure, feel free to contact us at [email protected]. Our specialized cybersecurity team can help ensure your business does not face the same risks.
EN 
ES