• American Airlines Boeing 787-9 Dreamliner From Above

    American Airlines

    IATA/ICAO Code:

    Airline Type:
    Full Service Carrier

    Charlotte Douglas International Airport, Chicago O’Hare International Airport, Dallas/Fort Worth International Airport, Los Angeles International Airport, Miami International Airport, New York JFK Airport, LaGuardia Airport, Philadelphia International Airport, Phoenix Sky Harbor International Airport

    Year Founded:


    Robert Isom

    United States

American Airlines has revealed that it suffered a data breach in July. On Friday, September 16th, it released an announcement stating that an undisclosed number of employee emails were compromised, granting access to a “very small number” of customers‘ sensitive personal information. It claims that none of the exposed data has been misused.

Data breach

The airline discovered the data breach on July 5th. Following the discovery, it secured the compromised accounts and hired a cybersecurity forensics team to conduct an investigation. The investigation found no evidence of sensitive information being used by the attackers. However, through the emails, the attackers gained access to sensitive information of many employees and customers. The information accessible to the cyber attackers included names, addresses, phone numbers, birth dates, email addresses, passport numbers, driver’s license numbers, and medical information for select individuals.

An American Airlines aircraft taking off Dallas

American Airlines claims none of the compromised information has been used by the attackers. Photo: Dallas Fort Worth International Airport

In the announcement, the airline stated,

“In July 2022 we discovered that an unauthorized actor compromised the email accounts of a limited number of American Airlines team members.

“Upon discovery of the incident, we secured the applicable email accounts and engaged a third party cybersecurity forensic firm to conduct a forensic investigation to determine the nature and the scope of the incident.”

Identity protection

American Airlines has stated that it offers a two-year paid membership to Experian’s IdentityWorks to all employees and customers whose information was compromised. While unaware of any misuse of the information, it recommends that all parties offered the identity protection should accept it and closely monitor their funds and credit.

American Airlines Boeing 777-200 taking off london heathrow airport

American Airlines has offered identity protection services to all whose information was compromised. Photo: Vincenzo Pace | Simple Flying

A representative for the airline stated,

“Although we have no evidence that your personal information has been misused, we recommend that you enroll in Experian’s credit monitoring. In addition, you should remain vigilant, including by regularly reviewing your account statements and monitoring free credit reports.”

Minor threat

The airline considered the data breach a relatively minor threat following the cyber investigation. It has reassured the public that only a few employees and customers should be concerned about the information breach. It has not given a specific number regarding any portion of the breach. No number of compromised emails or individuals has been made public.

American has stated that the threat to its systems has been neutralized as its new security software has ensured that all company emails are now once again secure. It claims it has taken added measures to ensure that a situation like this never happens again.

Phishing campaign

The airline has not stated how long the attackers had access to the sensitive information. What is known is that the information was accessed through phishing emails. A phishing email is where an attacker sends an email to an individual appearing to be legitimate, usually from a company they work for or with. Attackers can access the recipient’s email when the recipient opens links and attachments sent in these emails.

Luckily for the airline and its passengers, most customer information is not relayed through emails. It is typically only customers who need special assistance for various reasons, ranging from disabilities to customer service inquiries, whose data is ever passed through email. Despite being a small portion of customers whose information was compromised, the fact that the emails were ever compromised severely threatens the company and its operations.

What do you think of this data breach? Let us know in the comments below.

Source: BleepingComputer

Source: simpleflying.com

Napsat komentář

Vaše e-mailová adresa nebude zveřejněna.

You May Also Like

U.S. Air Force Marks 75 Years: 5 Things To Know

Seventy-five years ago and as the nation rebounded from World War II,…

Gulfstream G700 and G800 Engines Earn EASA Certification

Gulfstream is showing major progress bringing its new G700 and ultralong-range Gulfstream…

Air Force Approves KC-46A Tanker for Worldwide Deployment, Including Combat Operations

Boeing’s [NYSE: BA] KC-46A Pegasus tanker is now approved for worldwide deployment,…

B-21 Stealth Bomber Rollout Date Set

The U.S. Air Force’s top-secret stealth bomber, the Northrop Grumman [NYSE: NOC]…