American Airlines has revealed that it suffered a data breach in July. On Friday, September 16th, it released an announcement stating that an undisclosed number of employee emails were compromised, granting access to a "very small number" of customers' sensitive personal information. It claims that none of the exposed data has been misused.

Data breach

The airline discovered the data breach on July 5th. Following the discovery, it secured the compromised accounts and hired a cybersecurity forensics team to conduct an investigation. The investigation found no evidence of sensitive information being used by the attackers. However, through the emails, the attackers gained access to sensitive information of many employees and customers. The information accessible to the cyber attackers included names, addresses, phone numbers, birth dates, email addresses, passport numbers, driver's license numbers, and medical information for select individuals.

In the announcement, the airline stated,

"In July 2022 we discovered that an unauthorized actor compromised the email accounts of a limited number of American Airlines team members.

"Upon discovery of the incident, we secured the applicable email accounts and engaged a third party cybersecurity forensic firm to conduct a forensic investigation to determine the nature and the scope of the incident."

Identity protection

American Airlines has stated that it offers a two-year paid membership to Experian's IdentityWorks to all employees and customers whose information was compromised. While unaware of any misuse of the information, it recommends that all parties offered the identity protection should accept it and closely monitor their funds and credit.

A representative for the airline stated,

"Although we have no evidence that your personal information has been misused, we recommend that you enroll in Experian's credit monitoring. In addition, you should remain vigilant, including by regularly reviewing your account statements and monitoring free credit reports."

Minor threat

The airline considered the data breach a relatively minor threat following the cyber investigation. It has reassured the public that only a few employees and customers should be concerned about the information breach. It has not given a specific number regarding any portion of the breach. No number of compromised emails or individuals has been made public.

American has stated that the threat to its systems has been neutralized as its new security software has ensured that all company emails are now once again secure. It claims it has taken added measures to ensure that a situation like this never happens again.

Phishing campaign

The airline has not stated how long the attackers had access to the sensitive information. What is known is that the information was accessed through phishing emails. A phishing email is where an attacker sends an email to an individual appearing to be legitimate, usually from a company they work for or with. Attackers can access the recipient's email when the recipient opens links and attachments sent in these emails.

Luckily for the airline and its passengers, most customer information is not relayed through emails. It is typically only customers who need special assistance for various reasons, ranging from disabilities to customer service inquiries, whose data is ever passed through email. Despite being a small portion of customers whose information was compromised, the fact that the emails were ever compromised severely threatens the company and its operations.

What do you think of this data breach? Let us know in the comments below.

Source: BleepingComputer