Tuesday, June 18, 2024

Pilot Logins of American and Southwest Airlines Stolen in Data Breach

American Airlines and Southwest Airlines, two significant US-based aviation companies, have announced data breaches that have impacted their Pilot Credentials.

Pilot Credentials, a third party, manages various airlines’ pilot application and recruiting websites, including Southwest Airlines.

The Pilot Credentials issue, which only affected the third-party vendor’s systems and had no effect on the airlines’ networks or systems, was disclosed to both airlines on May 3.

The Findings Of The Data Security Incident

On April 30, an unauthorized person accessed Pilot Credentials’ systems and stole files comprising data offered by a few applicants in the pilot and cadet recruiting process.

Southwest immediately launched an inquiry and collaborated with the third-party vendor to learn more and respond to the problem. In particular, no networks or systems of the Southwest were impacted or compromised.

According to a third-party vendor, an unauthorized user gained access to its systems on or around April 30, 2023, and took certain data that had been given to them by some pilot applicants.

American Airlines and Southwest revealed that a total of 5745 pilots and applicants were impacted by the data breach, while the Office of the Attorney General for Maine received breach notifications from 3009 individuals.

“Our investigation determined that the data involved contained some of your personal information, such as your name and Social Security number, driver’s license number, passport number, date of birth, Airman Certificate number, and other government-issued identification number(s),” American Airlines said.

The airlines will now drive all pilot and cadet applicants to self-managed internal portals, even though there is no proof that the pilots’ personal information was intentionally targeted or exploited for fraud or identity theft.

“We are no longer utilizing the vendor, and, moving forward, Pilot applicants are being directed to an internal portal managed by Southwest,” Southwest Airlines.

Overview of Other Breaches

American Airlines has recently faced several issues, including this most recent data breach. Over 1,708 customers and team employees were impacted by a new breach that the firm announced in September 2022.

This breach happened due to a phishing assault that affected multiple staff email accounts in July 2022.

Additionally, in March 2021, American Airlines had a data breach after the global leader in aviation information technology, SITA, disclosed that hackers had accessed its servers and obtained unauthorized access to the Passenger Service System (PSS) utilized by many airlines globally.

Notably, the company has a massive network covering more than 50 countries and employs more than 120,000 people. Southwest Airlines, with operations in 11 nations. Furthermore, it employs almost 70,000 people and serves over 121 airports.

The security and privacy of the information belonging to its stakeholders are priorities for both American Airlines and Southwest Airlines.

The airline industry has to be diligent in protecting sensitive data and staying ahead of developing cyber threats while investigations into these breaches are ongoing.

AI-based email security measures Protect your business From Email Threats! – .


Latest articles

Singapore Police Arrested Two Individuals Involved in Hacking Android Devices

The Singapore Police Force (SPF) has arrested two men, aged 26 and 47, for...

CISA Conducts First-Ever Tabletop Exercise Focused on AI Cyber Incident Response

On June 13, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) made history by...

Europol Taken Down 13 Websites Linked to Terrorist Operations

Europol and law enforcement agencies from ten countries have taken down 13 websites linked...

New ARM ‘TIKTAG’ Attack Impacts Google Chrome, Linux Systems

Memory corruption lets attackers hijack control flow, execute code, elevate privileges, and leak data.ARM's...

Operation Celestial Force Employing Android And Windows Malware To Attack Indian Users

A Pakistani threat actor group, Cosmic Leopard, has been conducting a multi-year cyber espionage...

Hunt3r Kill3rs Group claims they Infiltrated Schneider Electric Systems in Germany

The notorious cybercriminal group Hunt3r Kill3rs has claimed responsibility for infiltrating Schneider Electric's systems...

Hackers Employing New Techniques To Attack Docker API

Attackers behind Spinning YARN launched a new cryptojacking campaign targeting publicly exposed Docker Engine...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles