Posted on September 20, 2022 at 3:06 PM
American Airlines affected by a data breach after an employee’s email was compromised
American Airlines has alerted customers of a data breach that happened recently. The breach happened after attackers compromised numerous employee email accounts and accessed personal information.
Data breach on American Airlines
American Airlines sent notification letters on Friday where it alerted users of this breach. The letters explained that there was no evidence of the accessed data being misused to take advantage of the affected customers.
American Airlines detected the data breach on July 5. After the discovery, it secured the affected email accounts and even contracted a cybersecurity company that would investigate the security breach.
In the notice sent to customers, American Airlines said that the breach was detected in July this year, adding that a threat actor had compromised the email accounts of several team members of American Airlines.
“Upon discovery of the incident, we secured the applicable email accounts and engaged a third party cybersecurity forensic firm to conduct a forensic investigation to determine the nature and the scope of the incident,” the announcement said.
American Airlines also alerted customers of the personal details exposed following the attack. The information could also have included the names of customers and their employees. The other information that was also accessed following the breach includes the dates of birth, mailing addresses, email addresses, phone numbers, passport numbers, driver’s license numbers, and other medical details.
The airline further added that it would give the affected customers a free two-year membership of the Experian IdentityWorks. The membership will assist in identifying theft and resolving the effects of the breach.
The airline further added that there was no evidence that users’ personal information had been misused. It has further recommended that users enroll with Experian credit monitoring.
“Although we have no evidence that your personal information has been misused, we recommend that you enroll in Experian’s credit monitoring,” the report by American Airlines added. Additionally, one should also maintain vigilance, including conducting a regular review of the account statements and monitoring the free credit reports.
Number of affected customers has not been disclosed
The company has yet to issue any statement regarding the number of customers affected following the data breach. However, it has not revealed the number of breached email accounts after this incident.
The Senior Manager for Corporate Communications at American Airlines, Andrea Koos, commented on the development in response to BleepingComputer saying that the employees’ accounts were affected following a phishing campaign. However, the executive did not reveal the number of employees and customers affected by the breach.
In its response, the airline said that the number of affected customers and employees was a “very small number.” It added that the phishing campaign had led to unauthorized access to a limited number of team member mailboxes. A very small number of customers and employees’ personal information was contained in those email accounts.”
The airline further added that there was no evidence that personal information had been misused. It added that one of the key factors that needed to be considered was data security, adding that it had given its customers and team members proactive support.
“We are also currently implementing additional technical safeguards to prevent a similar incident from occurring in the future,” the airline added. While the airline is promising its customers that they will not be affected, it is not the first time that the airline has been affected by a data breach.
In March last year, American Airlines was the victim of another data breach. The breach was made public by SITA, a global air information technology giant. The tech giant confirmed that the hackers had indeed breached the servers and they had gained unauthorized access to the Passenger Service System (PSS). The PSS system is used by several airlines around the world, among them being American Airlines.
However, American Airlines is one of the largest airlines in the world, and the breach is bound to have a notable effect on its operations. As a leading airline, it has a fleet of over 1300 aircraft within its mainline. American Airlines also has over 120,000 employees, and it has around 6700 flights that operate daily. It also goes to around 350 destinations in more than 50 countries.