American Airlines and Southwest Airlines, two significant US-based aviation companies, have announced data breaches that have impacted their Pilot Credentials.

Pilot Credentials, a third party, manages various airlines’ pilot application and recruiting websites, including Southwest Airlines.

The Pilot Credentials issue, which only affected the third-party vendor’s systems and had no effect on the airlines’ networks or systems, was disclosed to both airlines on May 3.

The Findings Of The Data Security Incident

On April 30, an unauthorized person accessed Pilot Credentials’ systems and stole files comprising data offered by a few applicants in the pilot and cadet recruiting process.

Southwest immediately launched an inquiry and collaborated with the third-party vendor to learn more and respond to the problem. In particular, no networks or systems of the Southwest were impacted or compromised.

According to a third-party vendor, an unauthorized user gained access to its systems on or around April 30, 2023, and took certain data that had been given to them by some pilot applicants.

American Airlines and Southwest revealed that a total of 5745 pilots and applicants were impacted by the data breach, while the Office of the Attorney General for Maine received breach notifications from 3009 individuals.

“Our investigation determined that the data involved contained some of your personal information, such as your name and Social Security number, driver’s license number, passport number, date of birth, Airman Certificate number, and other government-issued identification number(s),” American Airlines said.

The airlines will now drive all pilot and cadet applicants to self-managed internal portals, even though there is no proof that the pilots’ personal information was intentionally targeted or exploited for fraud or identity theft.

“We are no longer utilizing the vendor, and, moving forward, Pilot applicants are being directed to an internal portal managed by Southwest,” Southwest Airlines.

Overview of Other Breaches

American Airlines has recently faced several issues, including this most recent data breach. Over 1,708 customers and team employees were impacted by a new breach that the firm announced in September 2022.

This breach happened due to a phishing assault that affected multiple staff email accounts in July 2022.

Additionally, in March 2021, American Airlines had a data breach after the global leader in aviation information technology, SITA, disclosed that hackers had accessed its servers and obtained unauthorized access to the Passenger Service System (PSS) utilized by many airlines globally.

Notably, the company has a massive network covering more than 50 countries and employs more than 120,000 people. Southwest Airlines, with operations in 11 nations. Furthermore, it employs almost 70,000 people and serves over 121 airports.

The security and privacy of the information belonging to its stakeholders are priorities for both American Airlines and Southwest Airlines.

The airline industry has to be diligent in protecting sensitive data and staying ahead of developing cyber threats while investigations into these breaches are ongoing.

AI-based email security measures Protect your business From Email Threats! – Request a Free Demo.