American Airlines Discloses July Data Breach But Remains Tight-lipped on Details
Employee and customer data, including names, addresses, dates of birth, phone numbers, email IDs, and documents such as passport numbers and driver’s licenses (numbers), and/or medical information, could have been compromised.
American Airlines, the largest air carrier in the U.S., confirmed it suffered a data breach that impacted an unknown number of its customers and employees. The company notified last week, on September 16, that the threat actors accessed email IDs and other personal information.
American Airlines said the data breach took place in early July 2022. Employee and customer data, including names, addresses, dates of birth, phone numbers, email IDs, and documents such as passport numbers, driver’s licenses (numbers), and/or medical information, could have been compromised.
“Airlines have been a key target for cybercriminals for many years now, and in just the last couple of months, we have witnessed attacks on TAP Portugal, Pegasus and now American Airlines,” Julia O’Toole, CEO of MyCena Security Solutions, told Spiceworks.
“The reason airlines are such a prime target is because attackers have many different avenues to target and damage them. Firstly, there is a huge opportunity to access and steal critical data, like passports, PII and credit cards. While secondly, flaws in aviation systems, like the WiFi vulnerability that was announced last week, can put the physical safety of airplanes at risk.”
O’Toole is referring to the two separate vulnerabilities discovered in Contec WiFi devices. Patches for both flaws have been released. “In this instance against American Airlines, it looks like the attackers gained access through phishing, one of the easiest, yet most effective, attacks to execute,” O’Toole added.
See More: RagnarLocker Ransomware Gang Claims TAP Air Portugal as Its Second Victim in Two Weeks
“American Airlines is aware of a phishing campaign that led to the unauthorized access to a limited number of team member mailboxes. A very small number of customers and employees’ personal information was contained in those email accounts,” said Andrea Koos, American Airlines’ senior manager for corporate communications.
Phishing is one of the most common attack vectors that involves a certain degree of social engineering based on the information of the target known by the attacker. American Airlines said they have no evidence that the compromised data was misused, although going by the data compromised, American Airlines customers and employees should look out for any out-of-the-blue emails and other signs of phishing.
“When it comes to defending against phishing, employee awareness is good, but clearly not enough to prevent all attacks. As a result, organizations should look towards encryption to improve their defenses. This involves encrypting employee access credentials, so they don’t even know them,” O’Toole suggested.
“This means credentials cannot be stolen or phished. Furthermore, when organizations segment their access, criminals cannot bring their whole network down with one set of credentials.”
To assuage concerns, American Airlines is offering a two-year membership of IdentityWorks, an identity theft detection and resolution and credit monitoring solution from Experian.
Let us know if you enjoyed reading this news on LinkedIn, Twitter, or Facebook. We would love to hear from you!
MORE ON DATA BREACHES
