Thousands of American and Southwest Airlines Pilots Exposed by Third-Party Breach
Table of Contents
- By Steven
- Jun 29, 2023
American Airlines and Southwest Airlines are both known for offering a long list of destinations throughout the United States and some other parts of the world. Two of America's largest airlines just suffered from a data breach that threatens to expose new pilots and cadets joining and hoping to join the airlines. The two airline companies weren't hacked directly, but the third-party software they used to manage pilot credentials was hacked, and a large amount of data for thousands of pilots was taken because of the attack.
How Did the Attack Occur?
The breach impacting pilots from American Airlines and Southwest Airlines was possible because of security flaws in Pilots Credentials' a third-party data management tool for airline pilots and cadets. The software was hacked on April 30, 2023, and the airlines received an alert about the incident on May 3. After the attack, the airlines stopped using the service, and they are now requiring pilots to submit their data through internal systems instead. According to expert research, approximately 5,745 pilots associated with American Airlines and 3,009 from Southwest Airlines were impacted by this breach.
What Information Was Viewed or Stolen?
A large amount of personal data was made available because of this data breach. All the information provided by pilot and cadet applicants when attempting to join either of the two airlines was available to look through because of the Pilot Credentials' breach. This includes things like government identification numbers, Social Security numbers, passport information, birth dates, full names, home address, Airman Certificate numbers, and more. All this information is a serious identity theft risk for the pilots, cadets, and applicants that weren't chosen. The data could be used in a number of harmful ways, and anyone impacted should be taking steps to protect themselves.
How Did the Airlines Admit to the Breach?
We know that American Airlines filed a notice with the Maine Attorney General's Office on June 23, 2023. The notice explains how the breach occurred, who is impacted, and what information was lost. It's likely that personal notices will go out to all the people whose information was exposed during this breach as well.
What Will Become of the Stolen Information?
We don't know if the pilot data was taken intentionally or not, so it's impossible to predict what will become of this information. It's possible it could be sold or used for identity theft attacks. If your data was part of this breach, you should take action to protect yourself as soon as possible.
What Should Affected Parties Do in the Aftermath of the Breach?
If you suspect your information was leaked in this pilot data breach, or you receive a direct notice informing you that you lost information, you should take steps to protect yourself. Pull your credit reports and look for any strange accounts or changes you don't recognize. You should consider investing in a identity theft or credit monitoring service, and you could protect yourself by putting a freeze on your credit as well. It's unlikely that any financial accounts were involved in this breach, but you should watch your important accounts and look for any odd changes or emails that have personal information from unknown senders.