American Airlines Says Data Breach Affected Some Customers, Employees
American Airlines Inc. on Tuesday confirmed a data breach and said while an “unauthorized actor” gained access to personal information of a small number of customers and employees through a phishing campaign, there was no evidence of data misuse.
“We are also currently implementing additional technical safeguards to prevent a similar incident from occurring in the future,” the airline said on Tuesday.
It discovered the breach in July and engaged a third-party cybersecurity forensic firm to conduct an investigation to determine the nature and the scope of the incident, according to a Sept. 16 consumer notification letter.
American Airlines has notified customers that personal information such as address, phone number, driver’s license number, passport number and/or certain medical information may have been accessed by the hacker, the letter showed.
“We regret that this incident occurred and take the security of your personal information very seriously,” Chief Privacy and Data Protection Officer Russell Hubbard said in the letter.