Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label American Airlines. Show all posts

American Airlines Pilot Union Targeted in a Major Ransomware Attack

 

In the wake of the most recent in a string of cyberattacks that have affected the aviation sector, the American Airlines pilot union is attempting to restore its systems.

On October 30, the union, which is in charge of over 15,000 pilots at the airline, put up a notice on its website describing how it became aware of the cyberattack.

The undisclosed cybersecurity firm hired to conduct the investigation confirmed that the union was infected with ransomware and that some systems were encrypted. 

“As a result, the restoration of those systems has entailed a methodical and time-consuming process for our IT team and outside experts,” the company stated. “As we work to recover from backups, we are also continuing to assess potential impacts to data, including member data. Investigations of this nature often take time to complete.”

The company's IT staff is restoring its systems in collaboration with independent specialists, and they reported that progress is being made, meaning that soon, some services will be operational again. 

“Once the initial restoration is in place, we will continue to restore additional services over the coming hours and days, placing a priority on pilot-facing products and tools,” the union added. “We are working diligently to be fully operational as soon as possible, while keeping the security of our systems front and center.” 

The union claimed in social media posts that the cybersecurity incident started early on October 30. Throughout the week, a few essential services were brought back online, but the company will keep you informed about their progress. 

Over the past six months, attacks on the aviation industry have been constant. A day after a cyberattack targeted one of Mexico's busiest airports, aircraft manufacturer Boeing announced that it was taking action in response to an attack that affected its parts and distribution division. 

Ransomware gangs claimed responsibility for both incidents. Air Canada and Air Europa have also had incidents in the last month, and European aerospace giant Airbus disclosed in September that it was looking into a cybersecurity incident.

American Airlines Pilot Union Hit with Ransomware


On Monday, the Allied Pilots Association (APA), the preeminent labour union representing 15,000 dedicated pilots of American Airlines, revealed that its systems fell victim to a ransomware attack. Established in 1963, the APA stands as the foremost independent trade union for pilots globally. 

With a membership exceeding 15,000 pilots within the airline, the union made an announcement on its official website, disclosing the initial detection of the cyberattack on October 30. Engaging an undisclosed cybersecurity firm for a thorough examination, it was confirmed that the union had indeed fallen prey to a ransomware assault. This investigation revealed that certain systems had been subjected to encryption. 

"As a result, the restoration of those systems has entailed a methodical and time-consuming process for our IT team and outside experts. As we work to recover from backups, we are also continuing to assess potential impacts to data, including member data. Investigations of this nature often take time to complete,” the experts said.  

Collaborating closely with external specialists, the organization's IT team is diligently engaged in the process of restoring their systems. Encouragingly, they reported that these efforts are steadily advancing, indicating that they are on track to reinstate certain services online in the near future. 

“Once the initial restoration is in place, we will continue to restore additional services over the coming hours and days, placing a priority on pilot-facing products and tools. We are working diligently to be fully operational as soon as possible while keeping the security of our systems front and center, the union explained," the company added.

Taking to social media channels, the union relayed that the cybersecurity incident was initiated in the early hours of October 30. While a portion of essential services has been reinstated over the course of the week, the organization has committed to keeping stakeholders informed with regular updates on their ongoing efforts. 

Over the past half-year, the aviation sector has been confronting a relentless wave of cyberattacks. Just this week, a major airport in Mexico, known for its high traffic volume, fell victim to a cyber intrusion. Additionally, Boeing, a prominent aircraft manufacturer, acknowledged its active response to a cyberattack affecting its parts and distribution operations, underscoring the persistent threat faced by the industry. 

American and Southwest Airlines Witness Data Breach


This Friday, two of the world’s largest airlines, American Airlines and Southwest Airlines confirmed a data breach where their Pilot Credentials, a third-party software that controls the pilot recruitment and application for numerous airlines, were compromised.

Apparently, the incident took place on May 3, targeting primarily the third-party vendor. No impact on the airlines’ own network or systems has been reported.

What Transpired?

On April 30, the threat actor gained unauthorized access to the Pilot Credentials’ systems and stole files comprising data supplied by a few candidates in the pilot and cadet recruiting process.

According to the official information shared with Maine’s Office of the Attorney General, the breach impacted 5745 pilots and applicants of American Airlines, whereas Southwest reported that around 3009 individuals’ information was compromised.

"Our investigation determined that the data involved contained some of your personal information, such as your name and Social Security number, driver’s license number, passport number, date of birth, Airman Certificate number, and other government-issued identification number(s)," says the American Airline.

The airlines will now drive all pilot and cadet candidates to self-managed internal portals, even though there is no proof that the pilots' personal information was intentionally targeted or exploited for fraudulent or identity theft purposes.

"We are no longer utilizing the vendor, and, moving forward, Pilot applicants are being directed to an internal portal managed by Southwest," Southwest Airlines stated. Both Airlines further notified law enforcement pertaining to its authorities in case of data breaches and are cooperating with the ongoing investigation of the issue.

Recent Years Have Seen More Such Cases

Another case of a data breach that came to light was when American Airlines was targeted back in September 2022. This breach impacted around 1,708 customers and airline employees.

Prior to this, the airline was a victim of a phishing attack that resulted in the compromise of the email accounts of numerous of its employees. The breach included employees’ and customers’ credentials like their names, dates of birth, mailing addresses, phone numbers, email addresses, driver's license numbers, passport numbers, and/or certain medical information.

Further investigation on the matter indicated that the threat actors involved in these breaches may as well have utilized the employees’ compromised accounts to launch more phishing attacks.