A KLM Royal Dutch Airlines (KL) Boeing 737-800*, registered PH-HSE and operating as flight KL1548, was fully evacuated and subjected to an exhaustive security search at Málaga-Costa del Sol Airport (AGP) on the evening of Saturday, May 10, 2026, after a passenger set up a personal Wi-Fi hotspot bearing the name “Allahu Akbar — there is a bomb on board”, the NL Times reported.
The aircraft, scheduled to depart for Amsterdam Airport Schiphol (AMS) at 20:30 local time, did not clear Spanish security protocols until 00:42 the following morning, ultimately landing in Amsterdam at approximately 03:00 — three and a half hours behind schedule. No explosive device or suspicious material of any kind was found aboard the aircraft or in the passengers’ checked baggage.
KLM confirmed the incident in a statement to Dutch regional broadcaster NH, saying the carrier had “always take[n] such reports extremely seriously” and had “implemented the appropriate safety measures in close cooperation with the local authorities.” The airline has not publicly identified the passenger responsible for the hotspot name, nor disclosed whether formal charges have been pursued.
Under Dutch law, making a hoax bomb threat carries a maximum custodial sentence of up to four years and a financial penalty exceeding €25,000. In addition, separate Spanish criminal statutes governing offences committed on Spanish soil may also apply. Some passengers aboard the aircraft were reportedly so shaken by the incident that they declined to continue on the flight once clearance was granted.
[Note that KLM’s Boeing 737 was the aircraft type which the Dutch King Willem-Alexander piloted ]
“There is a Bomb on Board” Wi-Fi and the Four-Hour Delay
The incident unfolded during the pre-departure phase at AGP, just minutes before the planned boarding call. Security services learned of the threatening message just before boarding on the night of Saturday to Sunday, triggering an immediate activation of anti-terror measures. KLM crews, upon noticing the incendiary Wi-Fi network name visible to any passenger scanning for available connections, immediately alerted the Spanish security authorities rather than attempting to handle the matter internally.
All passengers were instructed to leave the aircraft while security teams carried out a full inspection of the plane. Specialist TEDAX agents from the Guardia Civil arrived at the scene and performed exhaustive searches inside the plane as well as on all checked baggage belonging to those about to board. Passengers stayed on the ground for several hours while teams examined every compartment, bag, nook and cranny. Extra verification procedures were also conducted in close coordination with airport staff and KLM personnel to confirm that no risk existed for anyone on board or in the terminal buildings.
The flight KL1548 was scheduled to depart from Málaga for Amsterdam Airport Schiphol, but was unable to leave following the security alert. Guardia Civil officers moved quickly to isolate the Boeing 737-800, which had been scheduled to depart at 8.30pm but finally left at 12.42am once all checks had concluded.
A German-language account of the incident, reported by De Telegraaf and summarised by Headtopics, noted that some passengers praised the KLM crew for their composure throughout: one traveller was quoted as saying crew members “calmed people down, gave regular updates, and looked after us well” during the prolonged standby period.
KLM’s Statement and the Possible $25,000 Fine
In a terse statement to Dutch regional broadcaster NH, KLM said it had acted in accordance with established safety procedures:
“We always take such reports extremely seriously and implemented the appropriate safety measures in close cooperation with the local authorities.”
The airline did not address the question of whether it was seeking compensation from the responsible individual, nor whether Spanish authorities had made any arrest at the time of publication.
The legal consequences facing the individual responsible — once identified — are potentially severe under multiple jurisdictions. Making hoax bomb threats is a crime in the Netherlands that can be punished by up to four years in jail or a fine of more than €25,000, and passengers found responsible are also likely to be banned from flying again.
The incident occurred on Spanish territory, however, meaning Spanish criminal law governing aviation security offences will take precedence. Spanish authorities can prosecute individuals who make bomb threats on aircraft, and similar cases in recent years have resulted in fines exceeding €100,000 and potential prison sentences.
Civil liability for the costs of the security response — encompassing TEDAX deployment, airport lockdown operations, and the airline’s own operational disruption — represents an additional financial exposure that courts in comparable cases have imposed upon convicted offenders.
Wi-Fi Bomb Threats Are Becoming a Recurring Aviation Security Problem
The Málaga incident is not an isolated act of foolishness — it is the latest in a series of Wi-Fi-based bomb threats that have disrupted commercial flights with increasing frequency. The most prominent recent precedent directly involving Spanish airspace occurred on January 15, 2026, when a passenger aboard Turkish Airlines (TK) flight TK1853, operating an Airbus A321 from Istanbul Atatürk Airport (IST) to Barcelona El Prat Airport (BCN), renamed their hotspot “I have a bomb. Everyone will die.”
A sonic boom was subsequently reported over southern France as French fighter jets were scrambled in response to the bomb threat, and the escort was handed over to Spanish Eurofighter Typhoons as the Turkish Airlines aircraft entered Spanish airspace. The A321 subsequently performed three loops in a holding pattern off the Catalan coast before making a safe landing just after 11:00 am local time after a half-hour delay. Turkish Airlines later confirmed the incident in a statement, saying:
“On our flight this morning, it was detected that a passenger established an in-flight internet access point and set the network name to include a bomb threat.”
Another comparable incident occurred in the United States, when a passenger aboard American Airlines (AA) flight AA2863 — scheduled to depart Austin-Bergstrom International Airport (AUS) for Charlotte Douglas International Airport (CLT) — triggered a full-scale airport lockdown by using a bomb-threat Wi-Fi name. Law enforcement officers, TSA bomb specialists, K9 units, and explosive device experts swarmed the tarmac, treating the flight as an imminent security threat.
The broader statistical backdrop is troubling. According to the US Bomb Data Center, bomb threats increased by 26% in 2023, while India’s Bureau of Civil Aviation Security reported nearly 1,000 bomb threats to aircraft in 2024 alone. Research cited by Lexology from the Global Journal of Airport and Airline Security suggests the motivations behind hoax threats span a wide spectrum — from score-settling against airlines to individuals who, as the report dryly noted, “strangely enjoy the thrill of a large-scale prank.”
The following table gives us an indication of the bomb threats recorded in 2026:
| Date (2026) | Airline / Flight | Route | What Happened | Outcome |
|---|---|---|---|---|
| Jan. 18 | IndiGo Flight 6E-6650 | Delhi → Bagdogra | A bomb threat note was reportedly found on tissue paper inside the aircraft lavatory while airborne, prompting an emergency diversion to Lucknow (moneycontrol.com). | Aircraft searched; no explosives found. |
| Jan. 22 | IndiGo Flight 6E 2608 | Delhi → Pune | A handwritten bomb threat note was discovered after landing in Pune. The aircraft was moved to an isolation bay for checks. | Declared a hoax after security inspection. |
| Jan. 28 | Air India Express Flight IX 1016 | Goa → Delhi | A handwritten bomb threat note allegedly found onboard caused the flight to halt in Mumbai and triggered extensive security checks (reddit.com). | Threat treated as a hoax; major delays reported by passengers. |
| Feb. 14 | IndiGo Flight 6E 7304 | Kolkata → Shillong | Crew reportedly discovered a handwritten bomb threat note in the lavatory before departure. Passengers were deboarded and the aircraft isolated | Thorough search completed; flight later cleared. |
Other Recent Security Events Involving KLM
The AGP bomb-threat incident arrives in a period that has already placed KLM’s operational resilience under scrutiny on multiple fronts. In February 2026, Aviation Safety Network documented a low-speed collision at Amsterdam Airport Schiphol (AMS) in which a KLM Boeing 737-8K2 (WL), registration PH-BGC, operating flight KL1040, was struck by another KLM 737 while taxiing to its parking position at gate D29.
Separately, in May 2026, Aviation Herald reported that a KLM Boeing 777-200ER operating flight KL792 declared an emergency at Amsterdam Airport Schiphol following a hydraulic leak in flight.