NPR reports the Fort Worth-based airline confirmed a “very small number” of accounts were affected by the data breach.
Information Leaked Includes Date of Birth and Drivers License Numbers
Although the carrier confirmed the attack happened, they did not divulge how many employees and customers were affected by the attack. Instead, spokespersons for the company said those directly affected were informed and offered two years of identity theft protection company.
According to American, the attack was the result of a phishing campaign targeting internal employees. In turn, the hackers were able to get into a “limited number of team member mailboxes,” leading to access to certain information about customers and American employees. It’s not clear if the customers affected were members of American Airlines AAdvantage, or why the customer and employee information was in the e-mail boxes.
Some of the information leaked includes customer and employee names, dates of birth, drivers license numbers, passport numbers and medical information sent to the airline. The original breach was discovered in July 2022 by Montana law enforcement officials, but those affected were sent out information in late September 2022.
To prevent further attacks, the carrier says they are working to place “additional technical safeguards” within their systems. Spokespersons did not say if the employees are still with the company.
Breach Adds to Hard Year for American Airlines
The data breach adds to what has been a difficult year for airline customer service. By July 2022, American Airlines lead all carriers in complaint categories revealed in the July 2022 Air Travel Consumer Report, including most mishandled bags and most mishandled mobility devices.
Source: frugal travel guy