In a disheartening turn of events, American Airlines and Southwest Airlines, two major global airlines, announced recently that they had fallen victim to data breaches resulting from a hack at Pilot Credentials, a third-party vendor responsible for managing pilot applications and recruitment portals for multiple airlines.
Both airlines were alerted to the incident on May 3, learning that the breach had affected only the systems of the third-party vendor and had not compromised their own networks or internal systems.
The unauthorized individual gained access to Pilot Credentials' systems on April 30, pilfering documents that contained information submitted by specific applicants during the pilot and cadet hiring process.
American Airlines revealed that the breach impacted 5,745 pilots and applicants, while Southwest reported a total of 3,009 individuals affected. The stolen data included personal details such as names, Social Security numbers, driver's license numbers, passport numbers, dates of birth, Airman Certificate numbers, and other government-issued identification numbers.
While there is currently no evidence suggesting that the stolen personal information was specifically targeted or exploited for fraudulent or identity theft purposes, both airlines have decided to direct all future pilot and cadet applicants to self-managed internal portals as a precautionary measure.
Sally Vincent, Senior Threat Research Engineer at LogRhythm, shared insights on the challenge of detecting these types of threats: "In addition to the challenges of managing and detecting threats within an enterprise's IT infrastructure, assessing third-party risk is also a critical aspect. For airlines, it is essential to have strong communication and notification tools, as well as a deep understanding of how to effectively configure their complex IT environment. This allows them to gain a comprehensive view of anomalous and malicious activities across all fronts, enabling a prompt and thorough response. By implementing a well-configured security monitoring solution that provides complete visibility, including for third-party vendors, it would have been more likely to detect indicators of compromise and mitigate the threat in a timely manner."
This incident follows a previous data breach suffered by American Airlines in September 2022, wherein over 1,708 customers and team members were affected due to a phishing attack on employee email accounts in July 2022. The compromised personal information from that breach potentially included names, dates of birth, mailing addresses, phone numbers, email addresses, driver's license numbers, passport numbers, and certain medical information.
In March 2021, American Airlines also experienced a data breach after the global air information tech giant SITA disclosed that hackers had breached its servers and gained access to the Passenger Service System (PSS) used by multiple airlines worldwide.