American Airlines Data Breach Leaves Millions in Question of Their Safety
Table of Contents
- By Steven
- Published: Sep 21, 2022
- Last Updated: Sep 22, 2022
American Airlines is the world's largest airline by fleet size (having over 1,300 aircraft in its fleet), with more than 120,000 employees and operating in more than 50 countries, with 6,700 flights every day, flying to about 350 destinations. In July of 2022, the international corporation discovered unauthorized access to multiple employee email addresses. The airline has assured the press and public that only a small number of customers have been affected, but many flyers still fear the worst.
How Did the Attack Occur?
On July 5th, 2022, American Airlines was alerted to the presence of an unauthorized entity within their systems. The airline admitted to a phishing campaign that compromised "a limited number" of their employees' emails. They immediately shut down all compromised emails and hired a third-party cybersecurity forensic company to investigate and fortify their systems. They then launched a full-scale investigation into the matter, making sure that everything that could be done was done to ensure the safety of their customers and employees.
What Information Was Viewed or Stolen?
“The personal information involved in this incident may have included your name, date of birth, mailing address, phone number, email address, driver’s license number, passport number, and/or certain medical information you provided,” American Airlines stated in the letters sent to the affected customers (source Bleeping Computer). Customers are now worried about keeping their identities and credits safe. The airline refuses to offer the exact number of affected flyers, saying instead that it was "a very small number."
How Did American Airlines Admit to the Breach?
American Airlines customers are outraged; the company only began to alert the affected parties in September, more than two months after the breach was discovered. On September 19th, 2022, the airline sent letters to the people whose information was accessed during the breach. The letters explained the breach, what was accessed, and how they were rectifying the situation, in addition to what the consumers could do to keep themselves safe.
What Will Become of the Stolen Information?
American Airlines said in the letters sent to the affected individuals, "We have no evidence to suggest that your personal information was misused." That being said, with the abundance of information accessed by the "unauthorized actor," no one can be sure what the hacker plans to do with it. Identity theft is a real threat now facing these people. Seeing as the accessed information varies from things as small as birthdays to things as large as passport numbers, the possibilities for the hacker are practically endless. They could open credit cards in the name of a customer, as well as sign leases or mortgages, renew their passport with their image, or go so far as to become them with the gathered information.
What Should Affected Parties Do in the Aftermath of the Breach?
American Airlines urges any affected parties to join Experian’s® IdentityWorksSM, with two years paid for by the airline. "This product provides you with superior identity detection and resolution of identity theft," the company stated in their letters. Anyone accepting the company's offer of the cybersecurity service has until December 31st, 2022, to sign up online or through the mail.
