American Airlines has recently suffered a data breach. Threat actors compromised a limited number of employee Microsoft 365 email accounts, and as a result gained access to sensitive customer and employee personal information. The information included names, email addresses, passport numbers, date of birth, driver’s license numbers, mailing addresses, phone numbers, and certain medical information.
The company filed a data breach notification letter with Montana’s State Attorney General’s Office on September 16, 2022, disclosing that the breach was discovered in July, approximately two months earlier. The notification reads: “In July 2022 we discovered that an unauthorized actor compromised the email accounts of a limited number of American Airlines team members. Upon discovery of the incident, we
secured the applicable email accounts and engaged a third party cybersecurity forensic firm to conduct a forensic investigation to determine the nature and the scope of the incident. Our investigation determined that certain personal information was in the email accounts. We conducted a full eDiscovery exercise and determined some of your personal information may have been contained in the accessed email accounts. We have no evidence to suggest that your personal information was misused.”
The company did not disclose how many customers were impacted by the data breach.
American Airlines employs about 123,000 employees, and makes about 6,800 daily flights to 350 destinations in over 50 countries. It is the world’s largest airline when measured by fleet size, scheduled passengers carried, and revenue per passenger mile.
Read more about it here.