These breaches were a result of a hack targeting Pilot Credentials, a third-party vendor responsible for managing pilot applications and recruitment portals for multiple airlines.
American and Southwest Faces Data Breaches
On May 3, both airlines were notified about the incident involving Pilot Credentials. Fortunately, the breach was limited to the third-party vendor’s systems. Further, there was no compromise or impact on the airlines’ own networks or systems.
The unauthorized access to Pilot Credentials’ systems took place on April 30, during which the attacker stole documents containing personal information provided by certain pilot and cadet applicants.
According to breach notifications submitted to Maine’s Office of the Attorney General, American Airlines reported that 5,745 pilots and applicants were affected by the data breach. In contrast, Southwest Airlines reported a total of 3,009 individuals impacted.
Personal information compromised in the breach included names, Social Security numbers, and driver’s license numbers. Further, the passport numbers, dates of birth, Airman Certificate numbers, and other government-issued identification numbers.
Although no evidence suggests that the stolen personal information has been specifically targeted or exploited for fraudulent activities or identity theft. Subsequently, both airlines have taken immediate measures to enhance security.
They have decided to redirect all pilot and cadet applicants to self-managed internal portals. Subsequently, discontinued use of the third-party vendor.
American Airlines and Southwest Airlines have also promptly informed relevant law enforcement agencies about the breaches. Further, they are fully cooperating with the ongoing investigations.
History of Breaches at American Airlines
This latest data breach adds to a series of incidents experienced by American Airlines in recent years. In September 2022, the company disclosed another breach affecting over 1,708 customers and team members.
This breach resulted from a phishing attack in July 2022, which compromised several employee email accounts.
The personal information exposed in the July 2022 breach included names, dates of birth, mailing addresses, phone numbers, email addresses, driver’s license numbers, passport numbers, and, in some cases, medical information.
Further investigation revealed that the attackers utilized the compromised employee accounts to launch additional phishing attempts.
Moreover, in March 2021, American Airlines fell victim to a data breach after the global air information tech giant SITA announced that hackers breached its servers and gained unauthorized access to the Passenger Service System (PSS) used by multiple airlines worldwide.
As the largest airline in the world by fleet size, operating thousands of daily flights to numerous destinations across the globe, American Airlines recognizes the importance of protecting customer and employee data.
The company has more than 120,000 employees and operates a vast network spanning over 50 countries.
Southwest Airlines’ Response
Southwest Airlines, known as the world’s largest low-cost carrier, operates in 11 countries. Further, it serves over 121 airports with a workforce of nearly 70,000 employees.
In response to the recent data breach, Southwest Airlines has terminated its association with Pilot Credentials. Further, it is now directing pilot applicants to an internal portal managed internally.
Both American Airlines and Southwest Airlines are committed to ensuring the security and privacy of their stakeholders’ information.
While investigations into these breaches continue, the aviation industry as a whole must remain vigilant in safeguarding sensitive data and staying ahead of evolving cyber threats.
Stay tuned with us. Further, follow us on social media for the latest updates.