Wednesday, May 22, 2024

American Airlines Hacked – Email Accounts Compromised to Gain Personal Data Access

After hackers compromised an undisclosed number of employee email accounts and accessed sensitive personal information, American Airlines has informed its customers that they have been the victim of a recent data breach.

It was revealed via notification letters that were sent to customers that the airline did not have any clue regarding the exposure and exploitation of the data.

On July 5th, American Airlines discovered that they had been hacked. Following the security breach, their immediate response was to secure the impacted email accounts the minute they became aware of it. 

Further, the company has also sought the assistance of a cybersecurity forensics firm in order to conduct an investigation into the security breach.

Exposed Personal Information

This attack may have exposed employees’ and customers’ personal information that could have been accessed by the threat actors as a result of the attack.

While here below we have mentioned the data that may have been exposed by the threat actors:-

  • Names
  • Dates of birth
  • Mailing addresses
  • Phone numbers
  • Email addresses
  • Driver’s license numbers
  • Passport numbers
  • Certain medical information

There has also been a statement by the airline offering free two-year memberships to Experian’s IdentityWorks to affected customers to assist them in dealing with identity theft issues.

Moreover, American Airlines strongly recommended users that they should monitor their free credit reports and frequently review their account statements to remain alert.

Affected Individuals are Few

Currently, the number of customers affected by the incident and the number of email accounts that have been breached by the issue have not been disclosed by the company.

A phishing campaign was used in order to compromise the accounts of the employees. However, the company refused to provide information on how many clients were affected or how many employees were affected.

Here’s what the Sr. Manager for Corporate Communications of American Airlines, Andrea Koos stated:-

“A limited number of team members’ emails were accessed by an unauthorized phishing campaign. There was just a small amount of personal information on customers and employees contained in these email accounts, which was not very large.”

What is American Airlines Doing?

In addition to operating around 6,700 flights a day to about 350 destinations in over 50 countries, American Airlines is the largest airline by fleet size in the world, serving more than 1,300 aircraft on its mainline, and it employs more than 120,000 people.

Currently, the company has claimed that they are working on adding more technical safeguards to their existing system to avoid a future occurrence of such an event.

Download Free SWG – Secure Web Filtering – E-book

Website

Latest articles

OmniVision Technologies Cyber Attack, Hackers Stolen Personal Data in Ransomware Attack

OmniVision Technologies, Inc. (OVT) recently disclosed a significant security breach that compromised its clients'...

Critical Flaw In Confluence Server Let Attackers Execute Arbitrary Code

The widely used team workspace corporate wiki Confluence has been discovered to have a...

Threat Actors Leverage Bitbucket Artifacts to Breach AWS Accounts

In a recent investigation into Amazon Web Services (AWS) security breaches, Mandiant uncovered a...

Hackers Breached Western Sydney University Microsoft 365 & Sharepoint Environments

Western Sydney University has informed approximately 7,500 individuals today of an unauthorized access incident...

Memcyco Report Reveals Only 6% Of Brands Can Protect Their Customers From Digital Impersonation Fraud

Memcyco Inc., provider of digital trust technology designed to protect companies and their customers...

DoppelGänger Attack: Malware Routed Via News Websites And Social Media

A Russian influence campaign, DoppelGänger, leverages fake news websites (typosquatted and independent) to spread...

Critical Memory Corruption In Cloud Logging Infrastructure Enables Code Execution Attack

A new critical vulnerability has been discovered in Fluent Bit's built-in HTTP server, which...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Related Articles