Sunday, May 25, 2025
HomeCyber AttackAmerican Airlines Hacked - Email Accounts Compromised to Gain Personal Data Access

American Airlines Hacked – Email Accounts Compromised to Gain Personal Data Access

Published on

SIEM as a Service

Follow Us on Google News

After hackers compromised an undisclosed number of employee email accounts and accessed sensitive personal information, American Airlines has informed its customers that they have been the victim of a recent data breach.

It was revealed via notification letters that were sent to customers that the airline did not have any clue regarding the exposure and exploitation of the data.

On July 5th, American Airlines discovered that they had been hacked. Following the security breach, their immediate response was to secure the impacted email accounts the minute they became aware of it. 

- Advertisement - Google News

Further, the company has also sought the assistance of a cybersecurity forensics firm in order to conduct an investigation into the security breach.

Exposed Personal Information

This attack may have exposed employees’ and customers’ personal information that could have been accessed by the threat actors as a result of the attack.

While here below we have mentioned the data that may have been exposed by the threat actors:-

  • Names
  • Dates of birth
  • Mailing addresses
  • Phone numbers
  • Email addresses
  • Driver’s license numbers
  • Passport numbers
  • Certain medical information

There has also been a statement by the airline offering free two-year memberships to Experian’s IdentityWorks to affected customers to assist them in dealing with identity theft issues.

Moreover, American Airlines strongly recommended users that they should monitor their free credit reports and frequently review their account statements to remain alert.

Affected Individuals are Few

Currently, the number of customers affected by the incident and the number of email accounts that have been breached by the issue have not been disclosed by the company.

A phishing campaign was used in order to compromise the accounts of the employees. However, the company refused to provide information on how many clients were affected or how many employees were affected.

Here’s what the Sr. Manager for Corporate Communications of American Airlines, Andrea Koos stated:-

“A limited number of team members’ emails were accessed by an unauthorized phishing campaign. There was just a small amount of personal information on customers and employees contained in these email accounts, which was not very large.”

What is American Airlines Doing?

In addition to operating around 6,700 flights a day to about 350 destinations in over 50 countries, American Airlines is the largest airline by fleet size in the world, serving more than 1,300 aircraft on its mainline, and it employs more than 120,000 people.

Currently, the company has claimed that they are working on adding more technical safeguards to their existing system to avoid a future occurrence of such an event.

Download Free SWG – Secure Web Filtering – E-book

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to...

Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000

A threat actor known as #LongNight has reportedly put up for sale remote code...

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager...

Hackers Target macOS Users with Fake Ledger Apps to Deploy Malware

Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

EU Targets Stark Industries in Cyberattack Sanctions Crackdown

The European Union has escalated its response to Russia’s ongoing campaign of hybrid threats,...

Venice.ai’s Unrestricted Access Sparks Concerns Over AI-Driven Cyber Threats

Venice.ai has rapidly emerged as a disruptive force in the AI landscape, positioning itself...

TAG-110 Hackers Deploy Malicious Word Templates in Targeted Attacks

The Russia-aligned threat actor TAG-110, also linked to UAC-0063 and APT28 (BlueDelta) with medium...