A data breach incident has hit American Airlines after the firm confirmed the incident through notification letters they sent to affected customers last September 16. As stated in their letter, there was no proof that the stolen data were misused, although it is still unknown how many employee email accounts and sensitive personal data were compromised.
On July 5, the airline firm detected suspicious activities on its systems. Upon learning that some employee email accounts were compromised, they immediately secured these impacted accounts and teamed up with cybersecurity experts to begin the investigation, uncovering the nature and scope of the incident.
The compromised data from American Airlines include several sensitive employees and customer information.
Based on initial findings, employees’ and customers’ data could have been exposed to the hackers, including full names, birthdates, phone numbers, mailing addresses, email addresses, passport numbers, driver’s license numbers, and medical information.
As a part of helping the affected individuals to ensure their safety, American Airlines offered them a free two-year Experian’s IdentityWorks membership, which is effective for identity theft detection. The airline firm reiterated that even if there is no evidence of stolen data misuse, affected individuals must still enroll in the free cybersecurity tool they have offered.
The affected people are also warned to stay vigilant and monitor their account statements regularly.
When security researchers asked why the airline firm had chosen not to disclose the exact number of affected individuals, a representative stated that the compromised data was only a small number. Although, they are transparent that a phishing campaign had caused the incident, resulting in unauthorised access to a limited number of email inboxes of some of their employees.
Aside from the preventive support offered by American Airlines, they also stated to have implemented additional technical securities in their environment to prevent more cyberattacks from happening in the future.
It could be recalled that the airline firm was also associated with a data breach incident last year in March after the global air infotech company SITA confirmed that their Passenger Service System (PSS) servers used by multiple airlines worldwide were breached.