Opening incident

Loading disclosure

Pulling the filing, breach taxonomy, and impact scoring…

Duke

Blog Incident database Request access

Loading database

Indexing incidents

Fetching SEC-disclosed cyber incidents and Duke's breach taxonomy…

Duke

Blog Incident database Request access

Opening incident

Loading disclosure

Pulling the filing, breach taxonomy, and impact scoring…

Alaska Air Group, Inc. Unknown (2025) | SEC Cybersecurity Incident | Duke Security

Duke

Blog Incident database Request access

← Back to incidents

Incident · Unknown

Alaska Air Group, Inc. · ALK

IndustrialsUSAIncident June 23, 2025Filed June 27, 2025

Impact score

Business continuity

—

Insurance involved

Not disclosed

Filing

8-K · 8.01

Breach taxonomy

UnknownMalwareProduct ServiceNetwork Security

Summary

On June 23, 2025, Hawaiian Airlines, a subsidiary of Alaska Air Group, Inc., identified a cybersecurity incident affecting certain information technology systems. The company took immediate steps to safeguard operations and systems; flights continued operating safely and on schedule. Authorities and cybersecurity experts were engaged for investigation and remediation. Materiality had not been determined as of the filing date. Filed under Item 8.01; materiality not yet determined as of filing date.

Tagging rationale

ThreatUnknown

Filing does not attribute the incident to any specific actor -> UNKNOWN.

MethodsMalware

Filing states 'cybersecurity incident affecting certain information technology systems' without specifying ransomware, data exfiltration, or other specific method -> MALWARE (non-ransomware, general).

AssetsProduct Service

Filing discloses a cybersecurity incident affecting IT systems at Hawaiian Airlines (airline operations/product); flights continued operating normally -> PRODUCT-SERVICE.

EffectsNetwork Security

Filing discloses compromise of IT systems at a subsidiary with no confirmed data exposure or operational disruption; primary disclosed impact is the security compromise itself -> NETWORK-SECURITY.

Impact

Very early-stage disclosure with flights operating normally, no confirmed data exposure, no operational disruption, and materiality not yet determined -> score 1.

InsuranceNot disclosed

Filing makes no mention of insurance -> null.

Read the original SEC filing excerpt

ITEM 8.01. Other Events On June 23, 2025, Hawaiian Airlines, an Alaska Air Group, Inc. subsidiary, identified a cybersecurity incident affecting certain information technology systems. Upon learning of this event, we immediately took steps to safeguard Hawaiian's operations and systems. Flights are currently operating safely and as scheduled. We have engaged the relevant authorities and experts to assist in our investigation and ongoing remediation efforts. The Company has not yet determined whether the incident is reasonably likely to materially impact the Company's financial condition or results of operations.

View SEC filing Back to database

Get alerts on new incidents

Drop your email and we’ll let you know when fresh SEC disclosures land in the database. No spam.

More in Industrials

Unknown · April 20, 2026

ADT Inc.

ADT became aware on April 20, 2026 of unauthorized access to certain cloud-based environments. The company terminated the access, activated …

Unknown · March 11, 2026

Trio-Tech International, Inc.

On March 11, 2026, a Singapore-based subsidiary of Trio-Tech International experienced a ransomware attack that encrypted files on the compa…

Unknown · February 14, 2026

UFP Technologies, Inc.

On or about February 14, 2026, UFP Technologies detected unauthorized access to its IT systems, affecting billing and label-making functions…

Unknown · September 19, 2025

RTX Corporation

On September 19, 2025, RTX Corporation identified a ransomware incident on systems supporting its Multi-User System Environment (MUSE) passe…