Etihad
Company Details
Linkedin ID:
etihadairways
Website:
Employees number:
13,927
Number of followers:
2,271,718
NAICS:
481
Industry Type:
Homepage:
http://www.etihad.com
IP Addresses:
0
Company ID:
ETI_2446455
Scan Status:
In-progress
Etihad Company CyberSecurity Posture
http://www.etihad.com
Marhaba! Welcome to Etihad Airways. We are proud to be the national airline of the UAE, flying to 100+ destinations via Abu Dhabi. At Etihad, we don't stop at the border of what's possible, we go beyond it. Proudly inspired by our Emirati identity, we are dedicated to delivering extraordinary travel experiences, helping our guests realise their ambitions. Our journey started in 2003. Since then, we have proudly helped millions of guests travel the globe. We are honoured to have had over 12 million valued members join our Etihad Guest loyalty programme. Diversity is key in driving us forward. At 12,000+ employees representing 140+ nationalities, our team comes together to deliver exceptional experiences at every stage of the journey. If you share our spirit of ambition and would like to reach new heights, visit https://careers.etihad.com/
Etihad A.I CyberSecurity Scoring
Etihad Risk Score (AI oriented)Between 750 and 799
Etihad
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Etihad Global Score (TPRM)XXXX
Etihad
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Etihad Company CyberSecurity News & History
Past Incidents
2
Attack Types
2
Etihad
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The personal details of around seven thousand individuals from Etihad’s loyalty program were sent to the Gulf News by an anonymous source. The breach was a result of an attack on a third party that worked with the airline in 2013 to run a promotional campaign The leaked information included the names, email addresses, phone numbers, and IP addresses of the customers.
Etihad Airways
Cyber Attack
Rankiteo Explanation
Attack threatening the organization's existence
Description: Etihad Airways experienced a significant operational disruption due to a cyber-related incident, causing delays in its services. The airline’s systems were compromised, forcing staff to manually assist passengers with check-in procedures. Technicians were actively engaged in restoring the affected systems to normal operation, but the incident led to inconveniences for travelers, including potential missed connections or extended wait times. The statement issued by Etihad acknowledged the delay as being beyond their control, implying a technical failure or cyber interference. While no explicit mention of data breaches, ransomware, or financial losses was made, the disruption to core operational systems—such as check-in—suggests a severe impact on service delivery, reputation, and customer trust. The incident highlights vulnerabilities in critical infrastructure, potentially affecting the airline’s ability to maintain seamless operations and raising concerns about the resilience of its IT systems against cyber threats.
Etihad Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Etihad
Incidents vs Airlines and Aviation Industry Average (This Year)
Etihad has 127.27% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
Etihad has 56.25% more incidents than the average of all companies with at least one recorded incident.
Incident Types Etihad vs Airlines and Aviation Industry Avg (This Year)
Etihad reported 1 incidents this year: 1 cyber attacks, 0 ransomware, 0 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.
Incident History — Etihad (X = Date, Y = Severity)
Etihad cyber incidents detection timeline including parent company and subsidiaries
Etihad Company Subsidiaries
Marhaba! Welcome to Etihad Airways. We are proud to be the national airline of the UAE, flying to 100+ destinations via Abu Dhabi. At Etihad, we don't stop at the border of what's possible, we go beyond it. Proudly inspired by our Emirati identity, we are dedicated to delivering extraordinary travel experiences, helping our guests realise their ambitions. Our journey started in 2003. Since then, we have proudly helped millions of guests travel the globe. We are honoured to have had over 12 million valued members join our Etihad Guest loyalty programme. Diversity is key in driving us forward. At 12,000+ employees representing 140+ nationalities, our team comes together to deliver exceptional experiences at every stage of the journey. If you share our spirit of ambition and would like to reach new heights, visit https://careers.etihad.com/
Loading...
Etihad Similar Companies
Cathay Pacific
Welcome to the official Cathay Pacific LinkedIn page. We have over 200 destinations in our global network, but want to do more than just move you from A to B. We want to take you further in your journey, and ultimately, to move beyond. And we’re here to do what we can to help you discover what’s nex
Air France
Depuis 1933, la compagnie Air France porte haut les couleurs de la France à travers le monde entier. Avec une activité, répartie entre le transport aérien de passagers, le fret, la maintenance et l’entretien aéronautique, Air France est un acteur majeur du secteur aérien. Plus de 45 000 collaborateu
How time flies. #18YearsOfIndiGo IndiGo is India’s largest passenger airline. We primarily operate in India’s domestic air travel market as a low-cost carrier with focus on our three pillars – offering low fares, being on-time and delivering a courteous and hassle-free experience. IndiGo has become
easyJet
We’re on a mission to make low-cost travel easy. Whatever your role, you’ll connect millions of people to what they love using Europe’s best airline network, great value fares, and friendly service. And to help us get there we’ll give you everything you need to make a personal impact on our growing
SAUDI AIRLINES
At Saudia Group, we're on a mission to inspire people to go beyond borders. Our purpose is rooted in unlocking human potential and connecting the world in ways never thought possible. We are committed to reshaping the aviation ecosystem in our region and beyond, by embracing innovation and a custome
American Airlines
Embark on an adventure with a commitment to service, excellence and humanity. Our team is what powers our airline. We are proudly dedicated to our purpose of caring for people on life’s journey, including connecting our customers to the people and places they love or providing our team members devel
JetBlue
When JetBlue first took flight in February 2000, our founding goal was to bring humanity back to air travel, and over two decades later, we still put our customers, crewmembers and communities at the center of everything we do. Before we even had aircraft to fly, our founders selected five values
Ryanair - Europe's Favourite Airline
Ryanair Holdings plc, Europe’s largest airline group, is the parent company of Ryanair DAC, Lauda, Buzz and Ryanair UK. Carrying 160m+ guests p.a. on over 3,000 daily flights to/from 225 airports. Plan to carry 225m+ guests p.a. by 2026. Unfortunately, we are unable to answer customer service que
The Lufthansa Group is an aviation company with operations worldwide. It plays a leading role in its European home market. With 109,509 employees, the Lufthansa Group generated revenue of EUR 32.770m in the financial year 2022. The Passenger Airlines segment includes, on the one hand, the network a
.png)
Etihad CyberSecurity News
November 13, 2025 11:53 AM
You Could Be Hacked By A Single WhatsApp Call And You Don’t Even Have To Pick Up
The UAE Cybersecurity Council dropped a warning. Hackers can break into your phone with a single WhatsApp call, even if you don't pick up.
November 10, 2025 12:54 AM
IATA: Pax want mobile and digital ID in future travel
The International Air Transport Association said two trends are redefining the passenger travel experience Mobile Reliance and Biometrics.
October 10, 2025 07:00 AM
Saudi Arabia IT Services Market Report 2025, Competitive Analysis of Saudi Telecom Company, Etihad Etisalat, Zain, SAP, Oracle, Microsoft, IBM, and Alphabet - ResearchAndMarkets.com
The "Saudi Arabia IT Services Market, By Region, Competition, Forecast & Opportunities, 2020-2030F" report has been added to...
October 10, 2025 07:00 AM
Etihad Airways expands network with new flights to Kabul, connecting Abu Dhabi with Afghanistan
Abu Dhabi, United Arab Emirates - Etihad Airways, the national airline of the UAE, is further expanding its regional network with the launch...
September 21, 2025 07:00 AM
Cybersecurity Breach Disrupts Major Airports Across Europe: Delays Hit Passengers at Brussels, Heathrow, and Berlin, Affecting Etihad Airways Operations
Cyberattack causes disruptions at major European airports, affecting Etihad Airways. Travelers face delays at Brussels, Heathrow,...
September 21, 2025 07:00 AM
Etihad Airways Hit Hard by Cyberattack, Leading to Severe Delays and Check-In Disruptions at Heathrow, Brussels and Berlin Airports
Etihad Airways has been severely impacted by a cyberattack, leading to significant delays and check-in disruptions at major European...
September 21, 2025 07:00 AM
Cyberattack disrupts check-in systems at major European airports
A cyberattack targeting check-in and boarding systems disrupted air traffic and caused delays at several of...
September 20, 2025 07:00 AM
UAE’s Etihad Airways faces delays after cyberattack hits European airports; Emirates operations unaffecte
Middle East News: A recent cyberattack targeting an airline check-in system has led to significant delays for Etihad Airways at major...
September 20, 2025 07:00 AM
Heathrow and European airport flight delays after cyber attack
Major airports across Europe are trying to cope with travel disruptions following cyber attacks against their electronic check-in and...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Etihad CyberSecurity History Information
Official Website of Etihad
The official website of Etihad is http://www.etihad.com.
Etihad’s AI-Generated Cybersecurity Score
According to Rankiteo, Etihad’s AI-generated cybersecurity score is 791, reflecting their Fair security posture.
How many security badges does Etihad’ have ?
According to Rankiteo, Etihad currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Etihad have SOC 2 Type 1 certification ?
According to Rankiteo, Etihad is not certified under SOC 2 Type 1.
Does Etihad have SOC 2 Type 2 certification ?
According to Rankiteo, Etihad does not hold a SOC 2 Type 2 certification.
Does Etihad comply with GDPR ?
According to Rankiteo, Etihad is not listed as GDPR compliant.
Does Etihad have PCI DSS certification ?
According to Rankiteo, Etihad does not currently maintain PCI DSS compliance.
Does Etihad comply with HIPAA ?
According to Rankiteo, Etihad is not compliant with HIPAA regulations.
Does Etihad have ISO 27001 certification ?
According to Rankiteo,Etihad is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Etihad
Etihad operates primarily in the Airlines and Aviation industry.
Number of Employees at Etihad
Etihad employs approximately 13,927 people worldwide.
Subsidiaries Owned by Etihad
Etihad presently has no subsidiaries across any sectors.
Etihad’s LinkedIn Followers
Etihad’s official LinkedIn profile has approximately 2,271,718 followers.
NAICS Classification of Etihad
Etihad is classified under the NAICS code 481, which corresponds to Air Transportation.
Etihad’s Presence on Crunchbase
No, Etihad does not have a profile on Crunchbase.
Etihad’s Presence on LinkedIn
Yes, Etihad maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/etihadairways.
Cybersecurity Incidents Involving Etihad
As of November 27, 2025, Rankiteo reports that Etihad has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
Etihad has an estimated 3,299 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Etihad ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach and Cyber Attack.
How does Etihad detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an incident response plan activated with likely (technicians working on restoration), and remediation measures with technicians actively restoring systems, and recovery measures with manual check-in assistance by staff, and communication strategy with public statement via gulf news..
Incident Details
Can you provide details on each incident ?
Title: Etihad Loyalty Program Data Breach
Description: The personal details of around seven thousand individuals from Etihad’s loyalty program were sent to the Gulf News by an anonymous source. The breach was a result of an attack on a third party that worked with the airline in 2013 to run a promotional campaign. The leaked information included the names, email addresses, phone numbers, and IP addresses of the customers.
Type: Data Breach
Attack Vector: Third-party attack
Threat Actor: Anonymous source
Title: Etihad Airways System Outage Disrupting Check-in Services
Description: Etihad Airways experienced a system outage causing delays in check-in services. Technicians are actively working to restore systems to normal operation. Staff are manually assisting guests to minimize disruptions. The airline apologized for the delays, citing circumstances beyond their control.
Type: System Outage (Potential Cyber Incident)
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach ETI2386522
Data Compromised: Names, Email addresses, Phone numbers, Ip addresses
Incident : System Outage (Potential Cyber Incident) ETI5993959092025
Systems Affected: Check-in systems
Operational Impact: Delays in passenger check-in, manual processing required
Customer Complaints: Likely (due to delays)
Brand Reputation Impact: Potential negative impact due to service disruption
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Email Addresses, Phone Numbers, Ip Addresses and .
Which entities were affected by each incident ?
Incident : Data Breach ETI2386522
Entity Name: Etihad Airways
Entity Type: Airline
Industry: Aviation
Customers Affected: 7000
Incident : System Outage (Potential Cyber Incident) ETI5993959092025
Entity Name: Etihad Airways
Entity Type: Airline
Industry: Aviation
Location: United Arab Emirates (HQ in Abu Dhabi)
Response to the Incidents
What measures were taken in response to each incident ?
Incident : System Outage (Potential Cyber Incident) ETI5993959092025
Incident Response Plan Activated: Likely (technicians working on restoration)
Remediation Measures: Technicians actively restoring systems
Recovery Measures: Manual check-in assistance by staff
Communication Strategy: Public statement via Gulf News
What is the company's incident response plan?
Incident Response Plan: The company's incident response plan is described as Likely (technicians working on restoration).
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach ETI2386522
Type of Data Compromised: Names, Email addresses, Phone numbers, Ip addresses
Number of Records Exposed: 7000
Personally Identifiable Information: namesemail addressesphone numbersIP addresses
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Technicians actively restoring systems.
Ransomware Information
How does the company recover data encrypted by ransomware ?
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Manual check-in assistance by staff.
References
Where can I find more information about each incident ?
Incident : Data Breach ETI2386522
Source: Gulf News
Incident : System Outage (Potential Cyber Incident) ETI5993959092025
Source: Gulf News
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Gulf News, and Source: Gulf News.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : System Outage (Potential Cyber Incident) ETI5993959092025
Investigation Status: Ongoing (technicians working on restoration)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public statement via Gulf News.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : System Outage (Potential Cyber Incident) ETI5993959092025
Stakeholder Advisories: Public apology and update on manual check-in assistance
Customer Advisories: Apology for delays, manual check-in support provided
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Public apology and update on manual check-in assistance, Apology for delays and manual check-in support provided.
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Anonymous source.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were names, email addresses, phone numbers, IP addresses and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Check-in systems.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were IP addresses, phone numbers, names and email addresses.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 700.0.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Gulf News.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (technicians working on restoration).
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Public apology and update on manual check-in assistance, .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an Apology for delays and manual check-in support provided.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=etihadairways' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
