Suffering a data breach in July this year, American Airlines started informing all its customers about the incident this week. In an email notification, the airline company said the PII of its customers was breached.
Stating that compromised accounts of some of its employees were why American Airlines is offering its customers a free 2-year Experian IdentityWorks subscription. Although, it found no evidence regarding the misuse of any stolen data.
Breaching the Largest Airline Network
With 1,300 aircraft in its mainline, more than 120,000 employees worldwide, and 6,500+ daily flights to nearly 350 destinations in 50 countries, American Airlines is the world’s largest airline company serving millions every month. With this scope, it becomes an attractive target for cyber attackers.
And it did suffer a breach in March 2021 and again in July this year. This time, after concluding the investigations, the company started informing customers via an email, stating;
“In July 2022, we discovered that an unauthorized actor compromised the email accounts of a limited number of American Airlines team members.”
Though they secured the compromised email accounts and deployed a third-party cybersecurity forensic firm to investigate, the damage has already happened.
Personal information like names, dates of birth, mailing addresses, phone numbers, email addresses, driver’s license numbers, passport numbers, and/or certain medical information of some of its employees and customers has been breached.
Assuring that no misuse of the stolen information has been spotted, the company is anyway offering the affected customers a free two-year membership of Experian’s IdentityWorks – helping with identity theft detection and resolution.
It also advised people to remain vigilant and regularly check their account statements and monitor free credit reports. While it didn’t mention how exactly the breach happened, a reply to BleepingComputer by Andrea Koos, American Airlines’ Sr. Manager for Corporate Communications, revealed a phishing campaign was the cause.