Japan Airlines said Thursday morning that its systems had been targeted by a cyberattack, causing delays in domestic and international flights at airports nationwide.
JAL identified the source of the system failure at 8:56 a.m., and its systems appeared to have returned to normal after the router believed to have been causing the disruption was temporarily shut down. Suspended ticket sales for domestic and international flights were resumed at around 2 p.m.
“We deeply apologize for the inconvenience this has caused,” the airline posted on X.
Passengers at Tokyo's Haneda Airport were thrown into confusion by the flight delays.
Katsumi Sakamoto, 61, was supposed to take his 2 p.m. flight to Asahikawa in Hokkaido. But he abruptly received a flight delay notice from JAL without any explanation, and is still trying to figure out when his flight will actually depart.
“There was no communication except for a push notification on my phone,” Sakamoto said, showing his online reservation page.
“When I look at the reservation menu, it says, ‘We have information about your reservation date. Please check the details here.’ When I actually tap on it, there’s no explanation provided. The flights are listed, but that’s about it,” he said.
The automated baggage check-in system also malfunctioned, prompting JAL to set up a manned station, which so far is causing no major trouble for customers.
Chief Cabinet Secretary Yoshimasa Hayashi on Thursday said the transport ministry has urged JAL to do its utmost to restore the system and to respond to affected passengers, many of whom are likely to be holiday-goers.
But fixing the flight schedule may take some time.
“The system failure is about to be fixed, but there is no indication yet as to when the delay in flight schedules will be resolved,” said Tatsuki Shirai, a JAL public relations official.
In JAL's initial statement, the company said it was a "experiencing a cyberattack,” but the wording was later altered to describe a “system failure in network equipment.” A JAL spokesperson said the change was meant to reduce customer anxiety.
Motohiro Tsuchiya, a professor of media and governance at Keio University Graduate School, said the disruption might have been caused by a Distributed Denial of Service attack — known as a DDoS attack — where the perpetrator floods a server with internet traffic to prevent users from accessing connected online services.
“If it is a DDOS attack carried out by someone on the outside when many people are on the move, it might have been simply an attempt to sabotage the business,” he said. “From a more sinister point of view, it could have been a way to manipulate JAL’s stock price."
Although the scope of the damage this time was minimal, Tsuchiya pointed out that incidents like this illustrate why Japan should take steps to boost its cyberattack countermeasures.
“The government began talks this summer to implement what is called 'active cyberdefense,'” he said. “It is yet to have been made into law, but I think this is another case that points to the need for it.”
Some experts, however, doubt JAL's cyberattack claim because the disruption was caused by an issue with the router, which is also typical in a system failure.
“It could be that something got misconfigured ... by human error or by an attack,” said Paul S. Ziegler, the founder and CEO of Reflare, a cybersecurity consulting company.
With your current subscription plan you can comment on stories. However, before writing your first comment, please create a display name in the Profile section of your subscriber account page.