"American Airlines Reveals Data Breach Incident Occurred After Employee Email Was Compromised"
American Airlines faced a data breach in which attackers hacked an unknown number of staff email accounts and gained access to highly sensitive personal data. In notification letters sent to customers, the airline clarified that there is no proof that the disclosed data was abused. American Airlines discovered the hack on July 5, immediately protecting the affected email accounts and hiring a cybersecurity forensics firm to investigate the security issue. Names, dates of birth, phone numbers, postal addresses, email addresses, passport numbers, driver's license numbers, and/or specific medical information of employees and customers may have been exposed in the attack and could have been accessed by threat actors. The airline stated that impacted customers would receive a complimentary two-year subscription to Experian's IdentityWorks to assist in the detection and resolution of identity theft. The company has not disclosed how many customers were affected by the incident or how many email accounts were compromised. The employees' accounts were hijacked in a phishing attempt, according to Andrea Koos, Senior Manager for Corporate Communications at American Airlines. This article continues to discuss the American Airlines data breach.