American Airlines Says Data Breach Affected Small Number of Customers
The phishing campaign allowed hackers to gain access to the email accounts of some American Airlines staffers.
Photo:
JOSHUA ROBERTS/REUTERS
Hackers gained access to personal data for a “very small number” of
customers and employees through a phishing scam that affected some employee email accounts, the airline said Tuesday.
American discovered the breach in July, according to a Sept. 16 notification letter shared with state regulators in Montana. The airline said in a written statement that it has no evidence that any personal data had been misused.
A spokesman for the airline said it has offered customers and employees “precautionary support” and is implementing technical safeguards to prevent similar incidents in the future.
The attack was the result of a phishing campaign that allowed hackers to gain access to “a limited number of team member mailboxes,” American said. Those email accounts contained personal information for “a very small number” of customers and employees, the airline said.
American secured the email accounts and engaged a third-party cybersecurity forensic firm to investigate the incident, according to the letter shared with state regulators. The personal information accessed might have included names, dates of birth, addresses, phone numbers, driver’s-license numbers and certain medical information, the letter said.
Write to Alison Sider at alison.sider@wsj.com
Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8
