American Airlines discloses data breach after phishing scam in employee email
Are you an American Airlines (A1G) (AAL) account holder? Then we suggest checking your email.
The airline has confirmed that a recent data breach has compromised an undisclosed number of employee and customer email accounts, with hackers gaining access to sensitive personal information.
American Airlines data breach: What happened?
In a notification mail sent to affected users, American Airlines (A1G) (AAL) said that in July 2022, the airline discovered that an unauthorized ‘actor’ compromised the email of an undisclosed number of American Airlines (A1G) (AAL) team members.
American Airlines Senior Manager for Corporate Communications Andrea Koos told tech media outlet BleepingComputer that airline employees’ accounts were compromised in a phishing campaign but refused to reveal how many customers and employees were affected, instead saying that it was a “very small number”.
“American Airlines (A1G) (AAL) is aware of a phishing campaign that led to unauthorized access to a limited number of team member mailboxes. A very small number of customers and employees’ personal information was contained in those email accounts,” Koos said.
Koos added: “While we have no evidence that any personal information has been misused, data security is of the utmost importance and we offered customers and team members precautionary support. We are also currently implementing additional technical safeguards to prevent a similar incident from occurring in the future.”
American Airlines data breach: What personal information was compromised?
According to American Airlines (A1G) (AAL), the following information could have been compromised:
Name
Date of birth
Mailing address
Phone number
Email address
Driver’s license number
Passport number
Medical information provided
What is American Airlines doing about the data breach?
American Airlines (A1G) (AAL) said that it is implementing additional technical safeguards to prevent similar incidents occurring in the future. The airline said that while it has no evidence to suggest that the given information had been misused, it is offering affected users a two-year membership of Experian’s IdentityWorks as an ‘abundance of caution’.
What can American Airlines account holders do?
The airline recommended that affected users enroll in its complimentary IdentitiyWorks accounts, remain vigilant, and to regularly monitor account statements.