Friday, March 1, 2024

Pilot Logins of American and Southwest Airlines Stolen in Data Breach

American Airlines and Southwest Airlines, two significant US-based aviation companies, have announced data breaches that have impacted their Pilot Credentials.

Pilot Credentials, a third party, manages various airlines’ pilot application and recruiting websites, including Southwest Airlines.

The Pilot Credentials issue, which only affected the third-party vendor’s systems and had no effect on the airlines’ networks or systems, was disclosed to both airlines on May 3.

The Findings Of The Data Security Incident

On April 30, an unauthorized person accessed Pilot Credentials’ systems and stole files comprising data offered by a few applicants in the pilot and cadet recruiting process.

Southwest immediately launched an inquiry and collaborated with the third-party vendor to learn more and respond to the problem. In particular, no networks or systems of the Southwest were impacted or compromised.

According to a third-party vendor, an unauthorized user gained access to its systems on or around April 30, 2023, and took certain data that had been given to them by some pilot applicants.

American Airlines and Southwest revealed that a total of 5745 pilots and applicants were impacted by the data breach, while the Office of the Attorney General for Maine received breach notifications from 3009 individuals.

“Our investigation determined that the data involved contained some of your personal information, such as your name and Social Security number, driver’s license number, passport number, date of birth, Airman Certificate number, and other government-issued identification number(s),” American Airlines said.

The airlines will now drive all pilot and cadet applicants to self-managed internal portals, even though there is no proof that the pilots’ personal information was intentionally targeted or exploited for fraud or identity theft.

“We are no longer utilizing the vendor, and, moving forward, Pilot applicants are being directed to an internal portal managed by Southwest,” Southwest Airlines.

Overview of Other Breaches

American Airlines has recently faced several issues, including this most recent data breach. Over 1,708 customers and team employees were impacted by a new breach that the firm announced in September 2022.

This breach happened due to a phishing assault that affected multiple staff email accounts in July 2022.

Additionally, in March 2021, American Airlines had a data breach after the global leader in aviation information technology, SITA, disclosed that hackers had accessed its servers and obtained unauthorized access to the Passenger Service System (PSS) utilized by many airlines globally.

Notably, the company has a massive network covering more than 50 countries and employs more than 120,000 people. Southwest Airlines, with operations in 11 nations. Furthermore, it employs almost 70,000 people and serves over 121 airports.

The security and privacy of the information belonging to its stakeholders are priorities for both American Airlines and Southwest Airlines.

The airline industry has to be diligent in protecting sensitive data and staying ahead of developing cyber threats while investigations into these breaches are ongoing.

AI-based email security measures Protect your business From Email Threats! – Request a Free Demo.


Latest articles

20 Million+ Cutout.Pro User Records Leaked On Hacking Forums

CutOut.Pro, an AI-powered photo and video editing platform, has reportedly suffered a data breach,...

CWE Version 4.14 Released: What’s New!

The Common Weakness Enumeration (CWE) project, a cornerstone in the cybersecurity landscape, has unveiled...

RisePro Stealer Attacks Windows Users Steals Sensitive Data

A new wave of cyber threats has emerged as the RisePro information stealer targets...

Golden Corral Restaurant Chain Hacked: 180,000+ Users’ Data Stolen

The Golden Corral Corporation, a popular American restaurant chain, has suffered a significant data...

CISA Warns Of Hackers Exploiting Multiple Flaws In Ivanti VPN

Threat actors target and abuse VPN flaws because VPNs are often used to secure...

BEAST AI Jailbreak Language Models Within 1 Minute With High Accuracy

Malicious hackers sometimes jailbreak language models (LMs) to exploit bugs in the systems so...

Hackers Hijack Anycubic 3D Printers to Display Warning Messages

Anycubic 3D printer owners have been caught off guard by a series of unauthorized...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Live Account Takeover Attack Simulation

Live Account Take Over Attack

Live Webinar on How do hackers bypass 2FA ,Detecting ATO attacks, A demo of credential stuffing, brute force and session jacking-based ATO attacks, Identifying attacks with behaviour-based analysis and Building custom protection for applications and APIs.

Related Articles