American Airlines hit by data breach

An image of the underside of an airplane as it is flying
(Image credit: Shutterstock)

American Airlines has informed customers of a data breach after hackers accessed sensitive personal information from an undisclosed number of employee email accounts.

The Texas-based firm first learned of the hack on July 5. To prevent further intrusion and potential data abuse, American Airlines took measures to secure the impacted email accounts.


Storage's role in addressing the challenges of ensuring cyber resilience

Understanding the role of data storage in cyber resiliency


Per reports, several personal details may have been exposed in the attack, including employees' and customers' names, dates of birth, mailing addresses, phone numbers, email addresses, driver's license numbers, passport numbers, and/or certain medical information.

Even so, there is, so far, no evidence that the exposed data was misused, the company confirmed in its notification letters to customers sent on September 16.

As matters stand, American Airlines is working alongside a cybersecurity forensic firm to investigate the security incident.

Additionally, the airline revealed it will offer affected customers two years of free Experian IdentityWorks membership to help them detect and resolve identity theft.

"American Airlines is aware of a phishing campaign that led to the unauthorized access to a limited number of team member mailboxes. A very small number of customers and employees’ personal information was contained in those email accounts," said Andrea Koos, American Airlines' senior manager for corporate communications.

"While we have no evidence that any personal information has been misused, data security is of the utmost importance and we offered customers and team members precautionary support. We are also currently implementing additional technical safeguards to prevent a similar incident from occurring in the future," Koos added.