American Airlines has reported that an unauthorized actor compromised the email accounts of a “limited number” of its team members.
The company said in a statement (opens in new tab) some of its consumer’s personal information may have been contained in the accessed email accounts, however, it maintained it had no evidence to suggest this personal information has been misused or customer details affected.
American Airlines claimed that it has now taken measures to secure the impacted email accounts from any future misuse, adding it is working with a cybersecurity forensic firm to investigate the incident.
What was compromised?
The personal information involved in this incident may have included names, dates of birth, mailing addresses, phone numbers, email addresses, driver’s license numbers, passport numbers, and medical information.
American Airlines recommend that you enroll in Experian’s credit monitoring service to mitigate the threat of ID theft.
In addition, it recommended consumers should “remain vigilant”, for example regularly reviewing account statements and monitoring free credit reports.
The company is offering a complimentary two-year membership of Experian’s IdentityWorksSM, an identity theft prevention package.
Data breaches can be extremely serious business for airlines.
A 2020 cyber attack on EasyJet reportedly impacted up to 9 million passengers, with the credit card details of 2,208 exposed.
The data breach subsequently led to a suit from consumer claims specialist PGMBM, a law firm specializing in group legal action, with around £18bn of compensation being sought.
Unfortunately, this isn’t the first time American Airlines has been targeted by hackers.
Hackers accessed around 10,000 of its customer accounts in 2015, searching for assets like frequent flyer miles or loyalty cards that could be used to purchase goods and services.