Generic filters
Exact matches only
Search in title
Search in content
Filter by Custom Post Type
Filter by Categories

Data Breach Hit Major Airlines in the US

What Happened?

American Airlines and Southwest Airlines, two major airlines in the US, experienced data breach as a result of a hack on Pilot Credentials, a third-party vendor responsible for managing pilot applications and recruitment portals. The incident was limited to the systems of the third-party vendor and did not compromise the airlines’ own networks or systems. An unauthorised individual gained access to Pilot Credentials’ systems on April 30 and stole documents containing personal information provided by pilot and cadet applicants.

The breach affected 5,745 pilots and applicants of American Airlines and 3,009 individuals associated with Southwest Airlines. The stolen data included personal information such as names, Social Security numbers, driver’s license numbers, passport numbers, dates of birth, and other government-issued identification numbers. Although there is no evidence of specific targeting or exploitation of the pilots’ personal information for fraudulent purposes, the airlines have decided to direct all pilot and cadet applicants to self-managed internal portals to enhance security.

The Airlines’ Response

Both American Airlines and Southwest Airlines have notified law enforcement authorities and are fully cooperating with the ongoing investigation. They have terminated their relationship with Pilot Credentials and have implemented measures to protect the affected individuals.

American Airlines revealed that this is not the first data breach they have faced, with previous incidents occurring in September 2022 and March 2021. The airlines are committed to taking steps to strengthen their cybersecurity and safeguard the personal information of their employees and customers.

Brief Conclusion

The data breaches at American Airlines and Southwest Airlines, resulting from the hack of Pilot Credentials, highlight the risks associated with third-party vendors and the importance of robust cybersecurity measures. Although the breaches did not impact the airlines’ own systems, they have taken proactive steps to mitigate the effects and protect affected individuals. The incidents serve as reminders for organizations to prioritize data security and work closely with trusted partners to prevent and respond to breaches effectively.



Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.