Japan Airlines (JAL) has confirmed unauthorized access to its baggage delivery service reservation system, exposing the personal data of up to 28,000 users. The incident was detected on February 9, 2026 and represents one of the most significant security breaches in the aviation sector this year.
The airline immediately suspended the affected service and states that no other company systems were compromised. However, the exposed data covers customers who used the service since July 2024, significantly amplifying the scope of the incident.
What exactly happened
Attack timeline
Airport staff notified the responsible department on February 9 that the baggage delivery service wasn't functioning properly. The internal investigation revealed that unauthorized access occurred at 12:40 AM that day. By 10:20 AM, the reservation function was completely suspended.
The affected service
The hack targeted JAL's Same-Day Luggage Delivery Service, which transports passengers' baggage from airports to designated hotels. It's a popular service among business travelers and tourists in Japan.
What data was compromised
Information that may have been leaked includes:
- Personal data: full names, email addresses, phone numbers
- Travel data: flight numbers, departure and arrival airports, hotel names
What data was NOT affected
JAL clarified that credit card numbers and passwords were not compromised. This significantly reduces the risk of direct financial fraud, although the exposed data could be used for phishing attacks.
How to know if you were affected
If you used Japan Airlines' baggage delivery service since July 2024, your data could be among the 28,000 compromised records. JAL is directly notifying affected users.
Steps you can take now:
- Check your email: look for official communications from Japan Airlines
- Be wary of suspicious emails: attackers could use your data to send phishing that appears legitimate from JAL
- Change passwords: if you used the same password from JAL's service on other sites, change it immediately
- Monitor your accounts: watch for unusual activity on accounts linked to the exposed email
Context: wave of hacks in February 2026
The Japan Airlines attack is not an isolated case. February 2026 has been an especially active month for cybersecurity incidents:
- Substack: unauthorized access to user data detected on February 3
- Ivanti vulnerability: 417 exploitation sessions recorded between February 1-9
- Malicious Chrome extension: designed to steal Meta Business Suite data
- Singapore telecom operators: attack attributed to China-linked espionage group
What JAL is doing about it
Japan Airlines has temporarily suspended its baggage delivery service while investigating the incident. The airline says it is strengthening its security measures and working with cybersecurity experts to determine the full scope of the breach.
As of now, JAL has not publicly identified the responsible parties. Japanese cybersecurity authorities are involved in the investigation.
