American Airlines suffered a data breach, a big name in recent days after an unauthorized actor compromised employee inboxes.
The source of the incident was a phishing attack which led to unauthorized access to a limited number of team-member mailboxes. The airline said that a very small number of customers and employees’ personal information was contained in the accessed emails, suggesting that its attackers were not able to pivot to corporate data stores.
A breach notification letter was sent to customers by American Airlines informing them that the breach has happened late this July 2022.
Upon discovery of the incident, we secured the applicable email accounts and engaged a third-party cybersecurity forensic firm to conduct a forensic investigation to determine the nature and the scope of the incident. Our investigation determined that certain personal information was in the email accounts. We conducted a full eDiscovery exercise and determined some of your personal information may have been contained in the accessed email accounts.American Airline Statement
We have no evidence to suggest that your personal information was misused. Nevertheless, out of an abundance of caution, we wanted to provide you with information about the incident and protective measures to be taken.American Airline Statement
The information potentially accessed by the threat actors includes PII such as names, dates of birth, mailing and email addresses, phone numbers, driver’s license, and passport numbers, and medical information.
The airline is offering those affected two years’ worth of identity theft protection from Experian. This is far from the first time American Airlines has been put on the back foot by malicious third parties.