American Airlines hit by data breach
The airlines last reported a breach in March 2021 following the SITA servers’ hack

American Airlines has informed customers of a data breach after hackers accessed sensitive personal information from an undisclosed number of employee email accounts.
The Texas-based firm first learned of the hack on July 5. To prevent further intrusion and potential data abuse, American Airlines took measures to secure the impacted email accounts.
RELATED RESOURCE
Storage's role in addressing the challenges of ensuring cyber resilience
Understanding the role of data storage in cyber resiliency
Per reports, several personal details may have been exposed in the attack, including employees' and customers' names, dates of birth, mailing addresses, phone numbers, email addresses, driver's license numbers, passport numbers, and/or certain medical information.
Even so, there is, so far, no evidence that the exposed data was misused, the company confirmed in its notification letters to customers sent on September 16.
As matters stand, American Airlines is working alongside a cybersecurity forensic firm to investigate the security incident.
Additionally, the airline revealed it will offer affected customers two years of free Experian IdentityWorks membership to help them detect and resolve identity theft.
"American Airlines is aware of a phishing campaign that led to the unauthorized access to a limited number of team member mailboxes. A very small number of customers and employees’ personal information was contained in those email accounts," said Andrea Koos, American Airlines' senior manager for corporate communications.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
"While we have no evidence that any personal information has been misused, data security is of the utmost importance and we offered customers and team members precautionary support. We are also currently implementing additional technical safeguards to prevent a similar incident from occurring in the future," Koos added.
-
M&S suspends online sales as 'cyber incident' continues
News Marks & Spencer (M&S) has informed customers that all online and app sales have been suspended as the high street retailer battles a ‘cyber incident’.
By Ross Kelly
-
Manners cost nothing, unless you’re using ChatGPT
Opinion Polite users are costing OpenAI millions of dollars each year – but Ps and Qs are a small dent in what ChatGPT could cost the planet
By Ross Kelly