Scattered Spider Targets Airlines and Insurers
Scattered Spider Is Back: Why Airlines and Insurers Are at Risk, and How mePrism Privacy Can Help
The Threat Is Escalating
Scattered Spider, a known cybercriminal gang, has resurfaced with sharper tactics and a renewed focus. In summer 2025, they launched a wave of targeted cyberattacks against airlines and insurance companies, prompting urgent FBI warnings.
Scattered Spider excels not only at hacking but also at using data broker information to impersonate employees, bypass multi-factor authentication, and exploit internal systems. These tactics allow them to breach networks with alarming speed and accuracy.
Organizations using mePrism Privacy are better protected by cutting off attackers' access to personal data.
Aviation Under Siege
In June and July 2025, major airlines including Qantas, WestJet, and Hawaiian Airlines suffered coordinated attacks. Each showed signs of Scattered Spider activity.
Qantas confirmed a breach via a third-party vendor. WestJet reported a help desk-based intrusion. Hawaiian Airlines experienced customer system disruptions. The FBI has formally warned the aviation industry, including support vendors, about active threats.
Aviation is a prime target for three reasons. It is critical infrastructure, so disruptions affect travel, trade, and national security. It relies on outdated systems that often lack strong defenses. And it holds extensive customer data useful for extortion.
Insurance in the Crosshairs
Soon after, the insurance industry came under fire. In June 2025, attacks struck Aflac, Erie Insurance, and Philadelphia Insurance Companies.
Erie and Philadelphia experienced prolonged network outages. Aflac confirmed unauthorized access using impersonation tactics. These companies store highly sensitive data such as health records, Social Security numbers, and financial information. These data types make insurers prime cyberattack targets.
How Scattered Spider Gets In
Scattered Spider avoids brute force. Instead, they rely on social engineering enabled by data brokers.
Their attack playbook includes impersonating employees during calls to IT support using accurate data, such as names, job roles, and phone numbers. They bypass multi-factor authentication through SIM swaps or by overwhelming users with repeated prompts. Once inside, they steal administrative credentials to move laterally across systems.
They also target third-party vendors by using data broker records to map relationships and breach weaker points. Finally, they use double extortion: encrypting systems and threatening to leak stolen data unless a ransom is paid.
These attacks are personalized, timed, and highly effective.
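Both entry paths described above, repeated MFA prompts and a help desk call that ends in changed MFA settings, leave traces in identity-provider logs. The following is an added example, not part of the original article or of any mePrism product: it runs two detection rules over constructed sample events. The event names, the tuple schema and the thresholds are assumptions to adapt to your own log source.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (ISO time, user, event type). Schema is hypothetical.
SAMPLE_EVENTS = [
    ("2025-07-01T02:10:00", "alice", "push_denied"),
    ("2025-07-01T02:11:00", "alice", "push_denied"),
    ("2025-07-01T02:12:00", "alice", "push_timeout"),
    ("2025-07-01T02:13:00", "alice", "push_denied"),
    ("2025-07-01T02:14:00", "alice", "push_denied"),
    ("2025-07-01T02:15:00", "alice", "push_approved"),   # approval after a burst
    ("2025-07-01T09:00:00", "bob", "push_denied"),
    ("2025-07-01T09:01:00", "bob", "push_approved"),     # ordinary single retry
    ("2025-07-01T14:00:00", "carol", "helpdesk_mfa_reset"),
    ("2025-07-01T14:06:00", "carol", "mfa_device_enrolled"),
    ("2025-07-01T15:00:00", "dave", "mfa_device_enrolled"),  # no reset beforehand
]

def detect(events, burst=5, burst_window=timedelta(minutes=10),
           reset_window=timedelta(minutes=30)):
    """Return (rule, user, time) alerts for push fatigue and reset-then-enroll."""
    failed = defaultdict(deque)   # user -> recent denied/timed-out push times
    last_reset = {}               # user -> time of last help desk MFA reset
    alerts = []
    for ts, user, kind in sorted(events):          # ISO strings sort by time
        t = datetime.fromisoformat(ts)
        if kind in ("push_denied", "push_timeout"):
            failed[user].append(t)
        elif kind == "push_approved":
            q = failed[user]
            while q and t - q[0] > burst_window:   # drop failures outside window
                q.popleft()
            if len(q) >= burst:                    # approval right after a burst
                alerts.append(("push_fatigue", user, ts))
            q.clear()
        elif kind == "helpdesk_mfa_reset":
            last_reset[user] = t
        elif kind == "mfa_device_enrolled":
            r = last_reset.pop(user, None)
            if r is not None and t - r <= reset_window:
                alerts.append(("reset_then_enroll", user, ts))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

A `reset_then_enroll` alert is a cue to verify the original help desk request through a callback to a number already on file, not one supplied by the caller.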
The Role of Data Brokers
Data brokers provide Scattered Spider with the tools to act like insiders. They sell names, job titles, emails, phone numbers, and organizational charts. This information enables impersonation, phishing, SIM swapping, and vendor-based exploits.
When attackers know your org chart and vendors, they can bypass even the best technical defenses by targeting your people.
How mePrism Privacy Fights Back
mePrism Privacy removes personal and business data from over 600 data broker sites. This is more than privacy protection—it is a security strategy.
mePrism scans the web to identify where your company’s data is listed. It sends legal and automated takedown requests to remove that data. It continuously monitors for reappearances and provides a central dashboard where you can control and track privacy actions across brokers and platforms.
Removing this data reduces impersonation risk, decreases phone and email leaks, closes third-party exploit paths, and enables real-time alerts and tracking.
Real-World Scenario
Before mePrism, an attacker could buy a data broker list, call your IT help desk pretending to be a real employee, trick staff into changing MFA settings, and install ransomware while exfiltrating data.
After mePrism, the attacker’s list is outdated or missing key info. Impersonation fails. Staff flag the suspicious request. There is no breach and no downtime.
What You Can Do Now
Cybersecurity tools aren't enough. You need to eliminate the data attackers use.
Enroll your company in mePrism Privacy. Prioritize data removal for executives, IT personnel, and vendors. Use mePrism’s dashboard to track your data exposure.
Sectors like aviation, insurance, finance, and healthcare face the greatest risks. Don’t wait for a breach.
Final Word
Scattered Spider is evolving. Your defenses must evolve too.
mePrism helps cut off the data these attackers use to breach your systems. It's simple, scalable, and effective.
Take control. Start with mePrism.
Ready to try mePrism yourself?
If you're a company protecting at-risk employees, or an individual concerned about your digital footprint, start your privacy removal today at mePrism.com.
Because your data shouldn’t be a roadmap for violence.