The airline has confirmed that a recent data breach has compromised an undisclosed number of employee and customer email accounts, with hackers gaining access to sensitive personal information.
American Airlines data breach: What happened?
In a notification mail sent to affected users, American Airlines (A1G) (AAL) said that in July 2022, the airline discovered that an unauthorized ‘actor’ compromised the email of an undisclosed number of American Airlines (A1G) (AAL) team members.
American Airlines Senior Manager for Corporate Communications Andrea Koos told tech media outlet BleepingComputer that airline employees’ accounts were compromised in a phishing campaign but refused to reveal how many customers and employees were affected, instead saying that it was a “very small number”.
“American Airlines (A1G) (AAL) is aware of a phishing campaign that led to unauthorized access to a limited number of team member mailboxes. A very small number of customers and employees’ personal information was contained in those email accounts,” Koos said.
Koos added: “While we have no evidence that any personal information has been misused, data security is of the utmost importance and we offered customers and team members precautionary support. We are also currently implementing additional technical safeguards to prevent a similar incident from occurring in the future.”
American Airlines data breach: What personal information was compromised?
Date of birth
Driver’s license number
Medical information provided
What is American Airlines doing about the data breach?
American Airlines (A1G) (AAL) said that it is implementing additional technical safeguards to prevent similar incidents occurring in the future. The airline said that while it has no evidence to suggest that the given information had been misused, it is offering affected users a two-year membership of Experian’s IdentityWorks as an ‘abundance of caution’.
What can American Airlines account holders do?
The airline recommended that affected users enroll in its complimentary IdentitiyWorks accounts, remain vigilant, and to regularly monitor account statements.