"Breached American Airlines Email Accounts Abused for Phishing"

American Airlines recently discovered it was breached after receiving reports of employee email accounts being used in phishing attacks.  Last week, the airline started informing some of its customers that their personal data was likely compromised in a data breach identified in early July.  During an investigation, it was found that unknown threat actors compromised the email accounts of multiple American Airlines employees, which allowed them to access customer data in those accounts.  According to the company, the attackers might have also used the compromised accounts to access files stored on an employee SharePoint site.  American Airlines also noted that the attackers accessed the compromised mailboxes using the IMAP protocol, which could have allowed them to sync the contents of those mailboxes to another device.  The airline told US authorities that the breach had impacted roughly 1,700 customers and employees.  The company noted that the number of documents that contained personal information was small, and it would have taken the unauthorized actor significant time and resources to locate the personal information in the mailboxes.

SecurityWeek reports: "Breached American Airlines Email Accounts Abused for Phishing"