Avelo Airlines: From Third-Party Breach to Deportation Flight Controversy

A Tale of Two Cyber Threats: Technical Vulnerabilities and Hacktivist Targeting

Avelo Airlines, the Houston-based ultra-low-cost carrier that launched in 2021, has found itself at the center of two distinct cybersecurity narratives that highlight the evolving threat landscape facing modern aviation. From a crippling third-party software breach that nearly derailed its inaugural operations to becoming a target of hacktivist attention over controversial government contracts, Avelo's story illustrates how airlines must navigate both technical vulnerabilities and politically motivated cyber threats.

The 2021 Radixx Breach: A Startup's Nightmare Scenario

Just days before Avelo Airlines was set to launch its inaugural flights in April 2021, the startup faced what could have been a company-ending crisis. Orlando-based company Radixx announced that it experienced a malware attack, causing an outage of its booking software. The outage impacts low-cost airlines like Avelo Airlines, a startup airline in the U.S., scheduled to launch in the next week.

The timing could not have been worse. Avelo Airlines, scheduled to launch its inaugural flights on April 28, from Burbank to Santa Rosa/Sonoma, Calif. suddenly found itself unable to process reservations through its booking system. The incident was particularly devastating for a startup that had already sold over $700,000 worth of tickets on its first day of sales.

Aeroflot Under Siege: The Growing Threat of Cyber Attacks on Global Airlines

Pro-Ukrainian Hackers Devastate Russia’s Flagship Airline in Year-Long Operation The aviation industry faced another stark reminder of its vulnerability to cyber threats this week when Russia’s flag carrier Aeroflot was forced to cancel dozens of flights on Monday after a pro-Ukrainian hacker group claimed responsibility for a cyberattack on the

Breached CompanyBreached Company

The Technical Details

On April 20th, Radixx, a subsidiary of Sabre Corporation noticed peculiar activity in regard to its Radixx Res passenger processing platform. Following an investigation, it was evident that malware was behind this anomaly. The attack affected approximately 20 airlines that relied on Radixx's booking software, but for Avelo, the impact was existential.

Radixx said customer information was not compromised, and Sabre spokesperson Kristin Hays said the company reported the attack to the FBI. However, the operational disruption was severe. Airlines affected by the breach were forced to implement workarounds, with some creating makeshift booking platforms to maintain limited operations.

The Business Impact

For Avelo, the breach represented a critical test of business continuity planning. The news was devastating for the airline and could mean thousands of dollars worth of lost revenue. The startup had to display apologetic messages on its website, informing customers that they were working with their reservation system provider to restore functionality.

The incident highlighted the vulnerability of airlines to third-party risks. Radixx Res supports both ticketed and ticketless processes. A key benefit that is promoted with the system is its rapid development and deployment to allow for efficient operations during peak periods. However, this dependency became a critical single point of failure when the system was compromised.

Fortunately for Avelo, later at 1:40 a.m. EST on April 25, Avelo announced that its booking systems had relaunched, allowing the airline to proceed with its launch plans, albeit with some delay and reputational impact.

WestJet Under Siege: When Cybercriminals Target Canada’s Critical Aviation Infrastructure

Breaking: June 14 cyberattack on Canada’s second-largest airline exposes vulnerabilities in critical transportation infrastructure In the early hours of June 13, 2025, WestJet’s cybersecurity team detected what would become one of the most significant cyberattacks on Canadian aviation infrastructure in recent years. The incident, which disrupted the airline’s mobile application

Breached CompanyBreached Company

The 2025 Deportation Flight Controversy: A Different Kind of Cyber Threat

Fast forward to 2025, and Avelo Airlines found itself in a very different kind of cyber-related controversy. This time, the threat wasn't from technical vulnerabilities but from the politically charged decision to operate deportation flights for U.S. Immigration and Customs Enforcement (ICE).

The Contract Decision

Avelo has signed a contract with the Department of Homeland Security (DHS) to handle deportation flights for U.S. Immigration Control and Enforcement (ICE), the company told CBS MoneyWatch. Avelo, which launched in 2021, said the move is necessary for the Houston-based airline to remain financially stable.

The decision was driven by financial necessity. In an April 3 email to Avelo employees obtained by ProPublica and other publications, CEO Andrew Levy called the deportation contract "too valuable not to pursue" at a time when his startup was losing money and consumer confidence was declining.

Avelo Airlines designated three of its Boeing 737-800 narrowbody twinjet aircraft for these operations, with this figure accounting for almost a quarter of its existing 737-800 fleet (13 aircraft according to ch-aviation). To accommodate this new business, the airline had to make operational sacrifices, including ceasing operations from Boise Airport.

The Hacktivist Response

While Anonymous did not directly target Avelo Airlines, the hacktivist collective did attack GlobalX, another airline involved in deportation flights, sending a clear message to all carriers participating in such operations. A Florida-based charter airline that operates the majority of deportation flights on behalf of the Trump administration has had its website hacked by the so-called Anonymous cyber group.

The attack on GlobalX served as a warning to other airlines, including Avelo. "Anonymous has decided to enforce the Judge's order since you and your sycophant staff ignore lawful orders that go against your fascist plans," a defacement message posted to GlobalX's website said. The hackers managed to steal and leak passenger manifests and flight records, demonstrating the potential consequences for airlines that become involved in controversial government operations.

The Broader Implications

The GlobalX hack highlighted how airlines involved in deportation flights could become targets of hacktivist operations. Unlike GlobalX, the Houston-based carrier Avelo also operates scheduled flights and has been hit with calls for a boycott from passengers who disagree with its role in immigration removal flights.

This created a new category of cyber risk for Avelo – one where the threat wasn't necessarily about technical vulnerabilities but about becoming a target due to controversial business decisions. The airline found itself having to consider not just traditional cybersecurity measures, but also the potential for politically motivated attacks.

Aviation Under Siege: The 2025 Airline and Airport Cyberattack Crisis

The aviation industry is facing an unprecedented wave of cyberattacks in 2025, with major airlines and airports worldwide falling victim to sophisticated hacking operations that have compromised millions of passengers’ personal data and disrupted critical infrastructure systems. In-Depth Technical Document on the CrowdStrike BSOD Incident@cisomarketplace CrowdStrike vs Microsoft: Impact

Breached CompanyBreached Company

A Pattern of Targeting: Airlines and Immigration

The targeting of airlines involved in deportation flights represents a new front in hacktivist operations. The hacking move came after New York Democratic lawmakers set their sights on commercial airlines that facilitate deportation flights. They've introduced legislation called the "State Airport Facilities Enforcing Accountability in Immigration Removals Act," or SAFE AIR Act for short.

This legislative response, combined with hacktivist attention, created a multi-pronged pressure campaign against airlines like Avelo. The company faced:

• Legal and regulatory scrutiny: Connecticut Attorney General William Tong cited in an April 8 letter to Avelo, revealing flight attendants' unease over the treatment and safety of detainees on such flights
• Public protests: About 100 people protested at BWI Airport in Maryland over a budget airline's role in immigration deportations
• Boycott campaigns: A petition started by the New Haven Immigrants Coalition urging people to boycott Avelo until it severs ties with ICE has collected more than 34,650 signatures
• Potential hacktivist targeting: While not directly attacked, the threat was demonstrated through the GlobalX breach

Cybersecurity Lessons and Industry Implications

Avelo's experiences offer several critical lessons for the aviation industry:

Third-Party Risk Management

The 2021 Radixx breach demonstrated the critical importance of supply chain cybersecurity. The use of third-party providers for ticket booking, passenger processing, and boarding services can also increase the risk of cyber attacks. Airlines must:

• Conduct thorough security assessments of all third-party providers
• Implement robust business continuity plans for critical system failures
• Ensure contractual obligations include cybersecurity requirements and incident response protocols
• Maintain backup systems or alternative providers for critical functions

Political Risk Assessment

The deportation flight controversy introduced a new dimension to cyber risk assessment. Airlines must now consider:

• Reputational risk assessment: How controversial contracts might make them targets for hacktivist groups
• Business continuity planning: How to maintain operations if targeted by politically motivated attacks
• Stakeholder management: Balancing financial necessities with potential backlash from customers, employees, and regulators

The Evolving Threat Landscape

The contrast between Avelo's two cyber-related incidents illustrates the evolving nature of aviation cybersecurity threats:

Traditional Threats: Technical vulnerabilities, third-party breaches, and financially motivated attacks remain significant concerns. The travel industry has been hit hard by cyber criminals, with fraud attempts on the sector increasing by 155.9% in 2021 alone.

Emerging Threats: Politically motivated attacks, hacktivist targeting, and attacks based on controversial business partnerships represent a new category of risk that requires different defensive strategies.

The Financial Calculus

For Avelo, the decision to pursue deportation flights despite potential cyber and reputational risks came down to financial survival. "We realize this is a sensitive and complicated topic," Avelo founder and CEO Andrew Levy said in a statement. "After significant deliberations, we determined this charter flying will provide us with the stability to continue expanding our core scheduled passenger service and keep our more than 1,100 Crewmembers employed for years to come".

This decision framework reflects the complex calculations that airlines must make in an increasingly interconnected and politically charged environment. The potential for cyber attacks becomes just one factor in a broader risk assessment that includes financial stability, regulatory compliance, public relations, and operational security.

The Latest Developments: Escalating Consequences (2025)

The controversy surrounding Avelo's deportation flights has continued to escalate throughout 2025, demonstrating how cybersecurity threats in the modern era extend far beyond technical vulnerabilities to encompass sustained campaigns of political and economic pressure.

The Smart Airport: Navigating Cybersecurity and Privacy Risks

As technology continues to evolve, so too do the capabilities of modern airports. “Smart airports” leverage advanced technologies to enhance passenger experience, streamline operations, and improve security. However, with these advancements come significant cybersecurity and privacy challenges. This article delves into the intricacies of smart airports, examining the cybersecurity and

Breached CompanyBreached Company

Widespread Protests and Public Backlash

About 100 people protested at Baltimore-Washington Thurgood Marshall International (BWI) Airport on Sunday over a budget airline's role in immigration deportations, organized by groups including Doctors for Camp Closure, Ground ICE, and the Greater Baltimore Democratic Socialists of America. Protesters held signs reading, "Avelo Airlines fuels fascism," "Avelo is disappearing people for Trump," and "Evilo."

The protests have not been limited to Baltimore. Protests are spreading from Connecticut to cities the airline serves across the country, including Eugene, Oregon; Rochester, New York; Burbank, California; and Wilmington, Delaware. U.S. Sen. Richard Blumenthal was among the nearly 300 attendees at a rally outside the New Haven airport, stating "Avelo has to change its course. To the president of Avelo: You really stepped in it."

Legal and Regulatory Pressures

Connecticut's response has been particularly aggressive. Connecticut's attorney general has sent his second warning in a month to the low-cost carrier Avelo Airlines, telling the startup it has jeopardized tax breaks and other local support by agreeing to conduct deportation flights for U.S. Immigration and Customs Enforcement.

The legal challenges include specific safety concerns. "Can Avelo confirm that it will never operate flights while non-violent passengers are in shackles, handcuffs, waist chains and/or leg irons?" Tong's April 8 letter asks. "Can Avelo confirm that it will never operate a flight without a safe and timely evacuation strategy for all passengers?"

Legislative action is also underway. A Democrat-sponsored bill to expand Connecticut's sanctuary law has now cleared its House Judiciary Committee in a 29-12, party-line vote, over the strong objections of Republicans, and awaits a full vote on the floor. If it passes, any companies — including airlines — proposing to do business with the state must pledge not to "cooperate or contract with any federal immigration authority for purposes of the detention, holding or transportation of an individual."

In-Depth Technical Document on the CrowdStrike BSOD Incident

@cisomarketplace CrowdStrike vs Microsoft: Impact and Fallout Explained Get a comprehensive understanding of the ongoing issue between CrowdStrike and Microsoft. Explore the potential impact on businesses worldwide and uncover the vulnerabilities it exposes. Find out how this incident affects Microsoft computers and learn why it’s crucial to have foolproof cybersecurity.

Breached CompanyBreached Company

The Repainting Controversy: Hiding in Plain Sight

Perhaps most telling has been Avelo's alleged attempt to distance itself from the visual association with deportation flights. Avelo Airlines, the Houston-based low-cost airline that recently took on a controversial deportation contract with the Department of Homeland Security's Immigration and Customs Enforcement (ICE) agency, is repainting the planes used to transport detainees all-white.

Critics of the airline's decision to partner with ICE believe the new paint scheme that completely eliminates any Avelo branding from the planes has been done to try to disguise its involvement in the mass deportation initiative. Social media accounts tracking the deportation flights have documented this change, with one posting: "How pathetic is that?"

This move is particularly significant because there is no requirement for airlines operating ICE deportation contracts to repaint their planes and, in fact, many airlines choose not to as this is a costly process.

Union and Employee Resistance

The internal pressure has been equally intense. The Association of Flight Attendants (AFA-CWA) has called on Avelo to rethink its decision and says it will fully support any of its members who refuse to work a deportation flight. The union has raised specific safety concerns: "It also impedes our ability to respond to a medical emergency, fire on board, decompression, etc. We cannot do our jobs in these conditions."

To circumvent this resistance, Avelo has been hiring a separate group of flight attendants to avoid a standoff with the crew union over its deportation contract. The airline has been recruiting flight attendants to staff the flights, according to a job posting for what it calls a "charter program for the Department of Homeland Security." The job pays $28 an hour for the first year of service.

The Business Impact: West Coast Withdrawal

The most dramatic consequence came in July 2025 when Avelo announced it was shutting down all West Coast operations. Avelo Airlines is shutting down its West Coast commercial flights as the carrier doubles down on East Coast operations and faces growing criticism over its deportation flights.

The Houston-based budget airline will close its hub outside of Los Angeles in Burbank, California, by December. Avelo launched its first flight from Burbank in 2021 and eventually expanded to 13 Western routes. The timing and scope of these cuts have been significant: routes will be phased out between Sunday, Aug. 10, and Tuesday, Dec. 2.

While Avelo maintains the closure was not related to the deportation controversy, critics disagree. "We are still operating the DHS contract out of our Mesa base," the spokesperson said. "Protests nor our contract with DHS had any effect on our decision and have not impacted our business."

However, The Coalition to Stop Avelo celebrated the airline's end to West Coast service, the New Haven Register reported. The group pushed back on Avelo's claims that the ICE flights aren't hurting the carrier's revenue, saying that "the sweeping cuts point to both a shrinking business model and the growing pressure from protests."

Matthew Boulay of The Coalition to Stop Avelo was more direct: "They got themselves into financial trouble and took the ICE contract out of desperation," he said. "It was a morally bankrupt deal with the devil — and now it's backfiring, because passengers don't want to fly Avelo. These protests are working. From California to Connecticut, communities are rejecting Avelo's values — and it's having a real impact on their bottom line."

Continued Operations Despite Pressure

Despite the mounting pressure, Avelo has continued its deportation operations. According to CBS News, Avelo's domestic and international flights flying migrants started in mid-May. Avelo said the aircraft used for the trips will not bear the company's logo.

The company has maintained its position throughout the controversy. Avelo shared the following statement with the Banner: "We recognize the right of individuals to peacefully assemble and assert their freedom of speech. Avelo's main priority continues to be maintaining the safety and timeliness of our operation that over 7.3 million Customers across the country continue to enjoy."

Conclusion: The New Reality of Aviation Cybersecurity

Avelo Airlines' journey from a third-party software breach to deportation flight controversy illustrates the rapidly evolving cybersecurity landscape facing modern airlines. The industry must now prepare for threats that go beyond traditional technical vulnerabilities to include sustained campaigns of political, economic, and reputational warfare.

The lessons from Avelo's experience are clear:

1. Third-party risk management remains critical, as demonstrated by the 2021 Radixx breach that nearly derailed the airline's launch
2. Business decisions can create new categories of risk that extend far beyond cybersecurity into sustained campaigns of economic and political pressure
3. Hacktivist targeting of controversial operations represents a growing threat vector, as demonstrated by the Anonymous attack on GlobalX that served as a warning to all deportation flight operators
4. Financial pressures can push airlines to accept higher risks, but those risks can manifest in unexpected ways—from traditional cyber attacks to boycotts, protests, and regulatory challenges
5. Operational adaptation becomes necessary when companies face sustained pressure, as seen in Avelo's repainting of aircraft, hiring of separate crews, and ultimately, the closure of West Coast operations

The Avelo case demonstrates that in the modern threat environment, airlines must consider not just technical security measures, but the broader implications of business decisions on their vulnerability to various forms of attack—cyber, political, economic, and reputational. The company's experience shows how a single controversial business decision can trigger a cascade of consequences that no traditional cybersecurity program could address.

As the aviation industry continues to digitize and as political tensions around immigration and other issues persist, airlines like Avelo must develop more sophisticated approaches to risk management that account for technical, political, and social threat vectors. The days when cybersecurity was purely a technical discipline are over—it's now inseparable from business strategy, public relations, regulatory compliance, and broader stakeholder management.

For an industry that connects the world, these lessons couldn't be more timely. As the sustained campaign against Avelo demonstrates, modern threats to aviation companies can be as diverse as they are persistent, requiring a comprehensive approach to security that extends far beyond traditional IT defenses.