American Airlines discloses data breach after employee email compromise

American Airlines

American Airlines has notified customers of a recent data breach after attackers compromised an undisclosed number of employee email accounts and gained access to sensitive personal information.

In notification letters sent on Friday, September 16th, the airline explained that it has no evidence that the exposed data was misused. 

American Airlines discovered the breach on July 5th, immediately secured the impacted email accounts, and hired a cybersecurity forensic firm to investigate the security incident.

“In July 2022 we discovered that an unauthorized actor compromised the email accounts of a limited number of American Airlines team members,” the airline told affected customers [PDF].

“Upon discovery of the incident, we secured the applicable email accounts and engaged a third party cybersecurity forensic firm to conduct a forensic investigation to determine the nature and the scope of the incident.”

Personal information exposed in the attack and potentially accessed by the threat actors may have included employees’ and customers’ names, dates of birth, mailing addresses, phone numbers, email addresses, driver’s license numbers, passport numbers, and / or certain medical information.

The airline said it would offer affected customers free two-year membership of Experian’s IdentityWorks to help with identity theft detection and resolution.

“Although we have no evidence that your personal information has been misused, we recommend that you enroll in Experian’s credit monitoring,” American Airlines added.

“In addition, you should remain vigilant, including by regularly reviewing your account statements and monitoring free credit reports.”

Limited number of affected individuals

The company is yet to disclose the number of affected customers and how many email accounts were breached in the incident.

Andrea Koos, American Airlines’ Sr. Manager for Corporate Communications told BleepingComputer after the article was published that the employees’ accounts were compromised in a phishing campaign but refused to reveal how many customers and employees were affected, instead saying that it was a “very small number.”

“American Airlines is aware of a phishing campaign that led to the unauthorized access to a limited number of team member mailboxes. A very small number of customers and employees’ personal information was contained in those email accounts,” Koos said.

“While we have no evidence that any personal information has been misused, data security is of the utmost importance and we offered customers and team members precautionary support. We are also currently implementing additional technical safeguards to prevent a similar incident from occurring in the future.”

American Airlines was also hit by a data breach in March 2021 when global air information tech giant SITA confirmed that hackers breached its servers and gained access to the Passenger Service System (PSS) used by multiple airlines worldwide, including American Airlines.

As the world’s largest airline by fleet size (more than 1,300 aircraft in its mainline), American Airlines has more than 120,000 employees and operates almost 6,700 flights daily to roughly 350 destinations in over 50 countries.

Update: Added American Airlines statement.


Related posts

Pass-the-Hash Attacks and How to Prevent them in Windows Domains

Sarah Henriquez

CISA warns of critical VMware RCE flaw exploited in attacks

Sarah Henriquez

Black Basta ransomware gang linked to the FIN7 hacking group

Sarah Henriquez

Leave a Comment