Vietnam Airlines & airports hack (1937CN)
Hackers claiming the name 1937CN hijacked flight-information displays and PA systems at major Vietnamese airports with anti-Vietnam South China Sea messages, and leaked data on 411,000 Vietnam Airlines frequent flyers.
- Victim
- Vietnam Airlines & Vietnamese airports
- records
- 411.0K
- users
- 411.0K
On 29 July 2016, attackers claiming the banner of the Chinese hacker collective 1937CN carried out one of Southeast Asia's most dramatic hacktivist operations: they seized control of flight-information displays and public-address systems at Vietnam's busiest airports, broadcast anti-Vietnam propaganda over the South China Sea dispute, and leaked the records of 411,000 Vietnam Airlines frequent flyers.
What happened
The attack struck during the evening rush at Noi Bai International Airport (Hanoi) and Tan Son Nhat International Airport (Ho Chi Minh City), with other airports including Da Nang and Phu Quoc also reportedly affected. The hackers:
- Defaced flight-information screens with derogatory messages against Vietnam and the Philippines over their territorial dispute with China.
- Hijacked airport PA / speaker systems at Noi Bai to broadcast the same messaging.
- Defaced the Vietnam Airlines website, redirecting it and posting hostile content.
Check-in systems were infected with malware and taken offline, forcing staff to process passengers manually with handwritten boarding documents and handheld speakers. Roughly 100 flights were delayed, affecting about 2,000 passengers.
The data leak
Alongside the disruption, the attackers published a database of 411,000 members of Vietnam Airlines' Golden Lotus frequent-flyer program. The leaked file included member names and account credentials. Vietnam Airlines urged all Golden Lotus members to change their passwords immediately.
Political context
The timing was unmistakably political. The attack came just 17 days after the Permanent Court of Arbitration in The Hague ruled against China's claims in the South China Sea on 12 July 2016 β a ruling Beijing rejected. The hackers used the compromised systems as a propaganda platform, framing the operation as retaliation in the maritime dispute.
Attribution
The operation was claimed under the name 1937CN, a well-known Chinese hacktivist group. However, attribution remains disputed: the group's involvement was a claim rather than a confirmed finding, and security analysts have cautioned against assuming direct state sponsorship. The named group denied direct responsibility in some reports, a common pattern in politically charged regional incidents.
Why it matters
The 2016 incident was a landmark for aviation cybersecurity in Asia, showing how an attack could fuse physical-world disruption (departure boards, PA systems, manual check-in) with a mass data leak in a single politically motivated operation. It pushed Vietnamese authorities to harden critical-infrastructure defenses and remains a reference case for hacktivism targeting transport hubs to maximize visibility and public impact.
Timeline
An international tribunal in The Hague rules against China's South China Sea territorial claims.
Attackers hijack flight-display screens and PA systems at Noi Bai and Tan Son Nhat airports with anti-Vietnam messages.
Vietnam Airlines' website is defaced and data on 411,000 Golden Lotus frequent flyers is leaked online.
Airport staff revert to manual check-in; roughly 100 flights are delayed, affecting about 2,000 passengers.
Vietnam Airlines urges frequent flyers to change their passwords and begins system restoration.
Sources
- en.wikipedia.orghttps://en.wikipedia.org/wiki/Vietnamese_airports_hackings
- altexsoft.comhttps://www.altexsoft.com/travel-industry-news/vietnam-airlines-breach-adds-to-rising-airline-cyberattacks/
- reuters.comhttps://www.reuters.com/article/us-vietnam-cyberattack-idUSKCN1090F8
- bbc.comhttps://www.bbc.com/news/world-asia-36927674