American Airlines experienced a breach of its customer and employee data in early July. The company announced the hack more than two months later in a letter to affected customers sent on Friday, and first shared as a PDF by Bleeping Computer.
“The personal information involved in this incident may have included your name, date of birth, mailing address, phone number, email address, driver’s licence number, passport number, and/or certain medical information you provided,” the airline wrote to customers. Though, the company claimed to have “no evidence” that customers’ personal information has been misused.
American Airlines also said that, upon discovery of the issue, the company secured the impacted email accounts and hired a third party to investigate. The investigation determined that the breach was confined to a “limited number” of employee email accounts. However, the airline did not immediately respond to Gizmodo’s questions about how many accounts or people were impacted.
Like other recent hacks, this one seems to have originated through employee phishing, since the breach began with airline worker email accounts. In the massive August Twilio breach that compromised 10,000 sets of login credentials, hackers sent fraudulent phishing text messages styled to look like Okta’s security protocol.
And, in last week’s Uber security breach, a hacker allegedly posed as a member of the company’s IT team via text to obtain employee credentials. The moral of the story: It’s probably a good time to be extra sceptical of your texts and emails.
In response to the data breach, American Airlines is offering two years of free Experian identity theft and credit monitoring to impacted customers. The company further encouraged its customers to “remain vigilant,” by keeping tabs on credit reports and financial accounts.
This isn’t the first time the airline has had a data security issue. In March 2021, American Airlines was one of many companies impacted by a hack of SITA’s passenger system. SITA is one of the biggest aviation tech service companies worldwide, working with about 90% of airlines.