Apparently, the incident took place on May 3, targeting primarily the third-party vendor. No impact on the airlines’ own network or systems has been reported.
What Transpired?
On April 30, the threat actor gained unauthorized access to the Pilot Credentials’ systems and stole files comprising data supplied by a few candidates in the pilot and cadet recruiting process.
According to the official information shared with Maine’s Office of the Attorney General, the breach impacted 5745 pilots and applicants of American Airlines, whereas Southwest reported that around 3009 individuals’ information was compromised.
"Our investigation determined that the data involved contained some of your personal information, such as your name and Social Security number, driver’s license number, passport number, date of birth, Airman Certificate number, and other government-issued identification number(s)," says the American Airline.
The airlines will now drive all pilot and cadet candidates to self-managed internal portals, even though there is no proof that the pilots' personal information was intentionally targeted or exploited for fraudulent or identity theft purposes.
"We are no longer utilizing the vendor, and, moving forward, Pilot applicants are being directed to an internal portal managed by Southwest," Southwest Airlines stated. Both Airlines further notified law enforcement pertaining to its authorities in case of data breaches and are cooperating with the ongoing investigation of the issue.
Recent Years Have Seen More Such Cases
Another case of a data breach that came to light was when American Airlines was targeted back in September 2022. This breach impacted around 1,708 customers and airline employees.
Prior to this, the airline was a victim of a phishing attack that resulted in the compromise of the email accounts of numerous of its employees. The breach included employees’ and customers’ credentials like their names, dates of birth, mailing addresses, phone numbers, email addresses, driver's license numbers, passport numbers, and/or certain medical information.
Further investigation on the matter indicated that the threat actors involved in these breaches may as well have utilized the employees’ compromised accounts to launch more phishing attacks.