American Airlines informed consumers of the latest data breach after attackers hacked an unknown number of staff email accounts and obtained access to highly sensitive personal data. The airline clarified in notification letters distributed on Friday, September 16th, that there is no proof that the disclosed data was abused. The hack was detected on July 5th by American Airlines, which then swiftly protected the affected email accounts and recruited a cybersecurity forensics company to investigate the security problem.
“In July 2022 we discovered that an unauthorized actor compromised the email accounts of a limited number of American Airlines team members,” the airline said to affected customers. “Upon discovery of the incident, we secured the applicable email accounts and engaged a third party cybersecurity forensic firm to conduct a forensic investigation to determine the nature and the scope of the incident.”
Employees’ and customers’ names, dates of birth, phone numbers, postal addresses, email addresses, passport numbers, driver’s license numbers, and/or specific medical information may have been exposed in the attack and potentially accessible by threat actors. The airline said that it would provide impacted customers with a complimentary two-year subscription to Experian’s IdentityWorks to aid in the discovery and resolution of identity theft.
The company hasn’t yet revealed how many consumers were impacted by the incident or how many email accounts were compromised. According to Andrea Koos, Senior Manager for Corporate Communications at American Airlines, the workers’ accounts were hijacked in a phishing attempt. She declined to clarify how many customers and staff were impacted, only adding that it was a “very small number.”
In March 2021, the Passenger Service System (PSS), which is used by many airlines worldwide, including American Airlines, was infiltrated. SITA, a leading provider of aviation information technology, revealed that hackers broke into its systems. American Airlines has more than 120,000 workers and operates almost 6,700 flights per day to around 350 destinations in more than 50 countries, making it the largest airline in the world by fleet size (over 1,300 aircraft in its mainline).
