Thursday, May 1, 2025
HomeCyber AttackAmerican Airlines Hacked - Email Accounts Compromised to Gain Personal Data Access

American Airlines Hacked – Email Accounts Compromised to Gain Personal Data Access

Published on

SIEM as a Service

Follow Us on Google News

After hackers compromised an undisclosed number of employee email accounts and accessed sensitive personal information, American Airlines has informed its customers that they have been the victim of a recent data breach.

It was revealed via notification letters that were sent to customers that the airline did not have any clue regarding the exposure and exploitation of the data.

On July 5th, American Airlines discovered that they had been hacked. Following the security breach, their immediate response was to secure the impacted email accounts the minute they became aware of it. 

- Advertisement - Google News

Further, the company has also sought the assistance of a cybersecurity forensics firm in order to conduct an investigation into the security breach.

Exposed Personal Information

This attack may have exposed employees’ and customers’ personal information that could have been accessed by the threat actors as a result of the attack.

While here below we have mentioned the data that may have been exposed by the threat actors:-

  • Names
  • Dates of birth
  • Mailing addresses
  • Phone numbers
  • Email addresses
  • Driver’s license numbers
  • Passport numbers
  • Certain medical information

There has also been a statement by the airline offering free two-year memberships to Experian’s IdentityWorks to affected customers to assist them in dealing with identity theft issues.

Moreover, American Airlines strongly recommended users that they should monitor their free credit reports and frequently review their account statements to remain alert.

Affected Individuals are Few

Currently, the number of customers affected by the incident and the number of email accounts that have been breached by the issue have not been disclosed by the company.

A phishing campaign was used in order to compromise the accounts of the employees. However, the company refused to provide information on how many clients were affected or how many employees were affected.

Here’s what the Sr. Manager for Corporate Communications of American Airlines, Andrea Koos stated:-

“A limited number of team members’ emails were accessed by an unauthorized phishing campaign. There was just a small amount of personal information on customers and employees contained in these email accounts, which was not very large.”

What is American Airlines Doing?

In addition to operating around 6,700 flights a day to about 350 destinations in over 50 countries, American Airlines is the largest airline by fleet size in the world, serving more than 1,300 aircraft on its mainline, and it employs more than 120,000 people.

Currently, the company has claimed that they are working on adding more technical safeguards to their existing system to avoid a future occurrence of such an event.

Download Free SWG – Secure Web Filtering – E-book

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Trellix Launches Phishing Simulator to Help Organizations Detect and Prevent Attacks

Trellix, a leader in cybersecurity solutions, has unveiled its latest innovation, the Trellix Phishing...

AiTM Phishing Kits Bypass MFA by Hijacking Credentials and Session Tokens

Darktrace's Security Operations Center (SOC) in late 2024 and early 2025, cybercriminals have been...

Nitrogen Ransomware Uses Cobalt Strike and Log Wiping in Targeted Attacks on Organizations

Threat actors have leveraged the Nitrogen ransomware campaign to target organizations through deceptive malvertising...

Researchers Reveal Threat Actor TTP Patterns and DNS Abuse in Investment Scams

Cybersecurity researchers have uncovered the intricate tactics, techniques, and procedures (TTPs) employed by threat...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

AiTM Phishing Kits Bypass MFA by Hijacking Credentials and Session Tokens

Darktrace's Security Operations Center (SOC) in late 2024 and early 2025, cybercriminals have been...

Nitrogen Ransomware Uses Cobalt Strike and Log Wiping in Targeted Attacks on Organizations

Threat actors have leveraged the Nitrogen ransomware campaign to target organizations through deceptive malvertising...

TheWizards Deploy ‘Spellbinder Hacking Tool’ for Global Adversary-in-the-Middle Attack

ESET researchers have uncovered sophisticated attack techniques employed by a China-aligned threat actor dubbed...