/

American Airlines Data Breach: What & How It Happened?

American Airlines Data Breach: What & How It Happened?

Twingate Team

Jun 14, 2024

In April 2023, American Airlines and Southwest Airlines experienced a data breach at a third-party software company called Pilot Credentials. The breach compromised the personal details of pilot and cadet applicants, affecting both airlines. Upon discovering the breach in May, the airlines notified the affected individuals and began cooperating with law enforcement. To prevent future incidents, both airlines have discontinued using the vendor and will now direct applicants to self-managed internal portals.

How many accounts were compromised?

The breach impacted data related to approximately 8,000 individuals, with 5,745 candidates for American Airlines and 3,009 candidates for Southwest Airlines.

What data was leaked?

The data exposed in the breach included names, social security numbers, passport numbers, dates of birth, driver's license numbers, Airman Certificate numbers, and other government-issued identification numbers.

How was American Airlines hacked?

Details regarding the specific methods used by hackers to breach Pilot Credentials' systems remain unclear. Reports indicate that an unauthorized individual gained access to the systems and stole documents containing personal information of pilot and cadet applicants. The exact techniques employed in the infiltration remain unclear.

American Airlines's solution

In response to the hack, American Airlines and Southwest Airlines discontinued the use of the third-party vendor Pilot Credentials. They directed pilot and cadet applicants to internal portals and notified affected individuals. Both airlines are cooperating with law enforcement in the investigation.

How do I know if I was affected?

American Airlines has notified individuals believed to be affected by the breach. If you're an American Airlines pilot or cadet applicant and haven't received a notification, you may visit Have I Been Pwned to check your credentials.

What should affected users do?

In general, affected users should:

  • Change Your Passwords: Immediately update your passwords for any accounts that may have been compromised. Make sure the new passwords are strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on any affected accounts. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

  • Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report it immediately to the appropriate authorities or companies.

For more specific help and instructions regarding the American Airlines data breach, please contact American Airlines customer service directly.

Where can I go to learn more?

If you want to find more information on the American Airlines data breach, check out the following news articles:

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

/

American Airlines Data Breach: What & How It Happened?

American Airlines Data Breach: What & How It Happened?

Twingate Team

Jun 14, 2024

In April 2023, American Airlines and Southwest Airlines experienced a data breach at a third-party software company called Pilot Credentials. The breach compromised the personal details of pilot and cadet applicants, affecting both airlines. Upon discovering the breach in May, the airlines notified the affected individuals and began cooperating with law enforcement. To prevent future incidents, both airlines have discontinued using the vendor and will now direct applicants to self-managed internal portals.

How many accounts were compromised?

The breach impacted data related to approximately 8,000 individuals, with 5,745 candidates for American Airlines and 3,009 candidates for Southwest Airlines.

What data was leaked?

The data exposed in the breach included names, social security numbers, passport numbers, dates of birth, driver's license numbers, Airman Certificate numbers, and other government-issued identification numbers.

How was American Airlines hacked?

Details regarding the specific methods used by hackers to breach Pilot Credentials' systems remain unclear. Reports indicate that an unauthorized individual gained access to the systems and stole documents containing personal information of pilot and cadet applicants. The exact techniques employed in the infiltration remain unclear.

American Airlines's solution

In response to the hack, American Airlines and Southwest Airlines discontinued the use of the third-party vendor Pilot Credentials. They directed pilot and cadet applicants to internal portals and notified affected individuals. Both airlines are cooperating with law enforcement in the investigation.

How do I know if I was affected?

American Airlines has notified individuals believed to be affected by the breach. If you're an American Airlines pilot or cadet applicant and haven't received a notification, you may visit Have I Been Pwned to check your credentials.

What should affected users do?

In general, affected users should:

  • Change Your Passwords: Immediately update your passwords for any accounts that may have been compromised. Make sure the new passwords are strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on any affected accounts. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

  • Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report it immediately to the appropriate authorities or companies.

For more specific help and instructions regarding the American Airlines data breach, please contact American Airlines customer service directly.

Where can I go to learn more?

If you want to find more information on the American Airlines data breach, check out the following news articles:

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

American Airlines Data Breach: What & How It Happened?

Twingate Team

Jun 14, 2024

In April 2023, American Airlines and Southwest Airlines experienced a data breach at a third-party software company called Pilot Credentials. The breach compromised the personal details of pilot and cadet applicants, affecting both airlines. Upon discovering the breach in May, the airlines notified the affected individuals and began cooperating with law enforcement. To prevent future incidents, both airlines have discontinued using the vendor and will now direct applicants to self-managed internal portals.

How many accounts were compromised?

The breach impacted data related to approximately 8,000 individuals, with 5,745 candidates for American Airlines and 3,009 candidates for Southwest Airlines.

What data was leaked?

The data exposed in the breach included names, social security numbers, passport numbers, dates of birth, driver's license numbers, Airman Certificate numbers, and other government-issued identification numbers.

How was American Airlines hacked?

Details regarding the specific methods used by hackers to breach Pilot Credentials' systems remain unclear. Reports indicate that an unauthorized individual gained access to the systems and stole documents containing personal information of pilot and cadet applicants. The exact techniques employed in the infiltration remain unclear.

American Airlines's solution

In response to the hack, American Airlines and Southwest Airlines discontinued the use of the third-party vendor Pilot Credentials. They directed pilot and cadet applicants to internal portals and notified affected individuals. Both airlines are cooperating with law enforcement in the investigation.

How do I know if I was affected?

American Airlines has notified individuals believed to be affected by the breach. If you're an American Airlines pilot or cadet applicant and haven't received a notification, you may visit Have I Been Pwned to check your credentials.

What should affected users do?

In general, affected users should:

  • Change Your Passwords: Immediately update your passwords for any accounts that may have been compromised. Make sure the new passwords are strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on any affected accounts. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

  • Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report it immediately to the appropriate authorities or companies.

For more specific help and instructions regarding the American Airlines data breach, please contact American Airlines customer service directly.

Where can I go to learn more?

If you want to find more information on the American Airlines data breach, check out the following news articles: