20.6 C
New York
Wednesday, September 28, 2022

American Airlines reveals data breach – two months after it was discovered

Illustration of a computer screen with a blue exclamation mark and an error box.
The accounts were compromised following a phishing campaign. | Photo by Amelia Holowaty Krales/MastStatus

American Airlines is alerting some of its customers to a data breach, where an “unauthorized actor” gained access to names, birthdays, mailing and email addresses, phone numbers, driver’s license and passport numbers, and “certain medical information” by compromising employee email addresses (via beeping computer). According to a template letter from the company, dated September 16, the airline discovered the breach in July and opened an investigation with a third-party cybersecurity firm.

I asked the company if they knew how long attackers had access to email accounts before the breach was discovered. In response, spokesperson Andrea Koos sent the airline’s statement, which contains some details about what happened but does not answer the question.

“American Airlines is aware of a phishing campaign that has led to unauthorized access to a limited number of team member mailboxes. A very small amount of personal customer and employee information were contained in those email accounts,” Koos said, adding that the company is “currently implementing additional technical safeguards to prevent a similar incident from happening in the future.” that she has “no evidence to suggest” that customers’ personal information has been misused.

Unfortunately, the lag between discovery and disclosure is not exactly uncommon. Samsung recently disclosed a breach nearly a month after discovering it, and earlier this year the public learned of a 2020 hack on the federal court system. While it’s understandable that investigations can take time, especially when it comes to figuring out who to tell, it does mean that bad actors have access to people’s information for a while before they even know it’s there. have to pay attention to the problems. In this particular case, American Airlines is offering individuals whose data has been affected two free years of Experian’s Identity Theft Protection Service.

Related Articles


Please enter your comment!
Please enter your name here

Stay Connected


Latest Articles