What Happened?
American Airlines and Southwest Airlines, two major airlines in the US, experienced data breach as a result of a hack on Pilot Credentials, a third-party vendor responsible for managing pilot applications and recruitment portals. The incident was limited to the systems of the third-party vendor and did not compromise the airlines’ own networks or systems. An unauthorised individual gained access to Pilot Credentials’ systems on April 30 and stole documents containing personal information provided by pilot and cadet applicants.
The breach affected 5,745 pilots and applicants of American Airlines and 3,009 individuals associated with Southwest Airlines. The stolen data included personal information such as names, Social Security numbers, driver’s license numbers, passport numbers, dates of birth, and other government-issued identification numbers. Although there is no evidence of specific targeting or exploitation of the pilots’ personal information for fraudulent purposes, the airlines have decided to direct all pilot and cadet applicants to self-managed internal portals to enhance security.
The Airlines’ Response
Both American Airlines and Southwest Airlines have notified law enforcement authorities and are fully cooperating with the ongoing investigation. They have terminated their relationship with Pilot Credentials and have implemented measures to protect the affected individuals.
American Airlines revealed that this is not the first data breach they have faced, with previous incidents occurring in September 2022 and March 2021. The airlines are committed to taking steps to strengthen their cybersecurity and safeguard the personal information of their employees and customers.
Brief Conclusion
The data breaches at American Airlines and Southwest Airlines, resulting from the hack of Pilot Credentials, highlight the risks associated with third-party vendors and the importance of robust cybersecurity measures. Although the breaches did not impact the airlines’ own systems, they have taken proactive steps to mitigate the effects and protect affected individuals. The incidents serve as reminders for organizations to prioritize data security and work closely with trusted partners to prevent and respond to breaches effectively.
- Cl0p demands ransom after After Major Western Co Data Breach
- MGM Resort Expects $100 Million Fallout from Recent Cyberattack
- MGM Resorts System Outage due to Cyberattack
- Johnson Controls Cyberattack: $51 Million Ransom Demanded
- China-Linked APT Group Targeting US and Japan Entities
- Massive MOVEit Data Breach: Millions of IDs Exposed