Information on over 8,000 pilot applicants at American Airlines and Southwest Airlines was accessed after a hacker breached a database at a recruitment firm. Personal details like names, passport and social security numbers, and pilot license numbers were stolen during the hack.
American and Southwest reveal pilot hack
According to a filing with Maine’s Office of the Attorney General, 5,745 pilot applicants at American Airlines had their personal information stolen, while Southwest reported a total of 3,009. The hacker(s) targeted Pilot Credentials, a Texas-based recruitment support company that works with both airlines.
As reported by Bleeping Computer, American Airlines said in a statement to those affected by the data theft,
“Our investigation determined that the data involved contained some of your personal information, such as your name and Social Security number, driver’s license number, passport number, date of birth, Airman Certificate number, and other government-issued identification number.”
The data breach is said to have occurred on April 30th, with the airlines discovering it a few days later on May 3rd – however, individuals affected by the hack were only informed about it last week, almost two months later. The Allied Pilots Association said 2,200 of its members at American Airlines were affected, adding that it was not happy the airline knew about it for seven weeks before notifying applicants.
Photo: Vincenzo Pace | Simple Flying.
American said there is no evidence the information has since been used for fraudulent purposes, adding that its own systems were not compromised during the breach at Pilot Credentials. The airline has offered each affected individual a two-year ‘IdentityWorks’ package with Experian providing protection from identity theft – both carriers are now cooperating with authorities investigating the matter.
Airlines make application changes
Both airlines said that, since the hack occurred, they have processed applications through their own websites, rather than working with third-party companies like Pilot Credentials – a look at Pilot Credentials’ portal for American and Southwest applications confirms this with the message “sign up is currently disabled”.
Photo: Ceri Breeze/Shutterstock
Southwest Airlines added,
“We are no longer utilizing the vendor, and, moving forward, Pilot applicants are being directed to an internal portal managed by Southwest.”
The latest data breach
As Simple Flying reported last September, American Airlines was the target of a phishing attack that exposed customer and employee data, although the airline claimed none of the information was used for criminal purposes – as with its most recent incident, American offered affected employees and customers a two-year membership to Experian’s IdentityWorks software.
The carrier was also caught up in a large-scale data breach in March 2021 – on this occasion, hackers attacked aviation tech provider SITA and accessed the Passenger Service System (PSS).
Do you think American Airlines and Southwest Airlines should have informed affected individuals about the data breach sooner? Let us know your thoughts in the comments.
Source: Bleeping Computer
Click Here For The Original Story From This Source.
