Several passengers of American Airlines are being warned that their personal information might have been compromised as a result of threat actors getting access to employee email accounts.
The airline said that a phishing attempt led to hackers gaining access to the mailboxes of a limited number of employees. The stolen email accounts held some consumers’ personal data. The airline noted in notice letters distributed on Friday, September 16th, that there is no proof that the disclosed data was misused.
The hack was detected on July 5th by American Airlines, which then swiftly protected the affected email accounts and recruited a cybersecurity forensics company to look into the security incident.
American Airlines had hired a cybersecurity forensics company to look into the incident. The inquiry revealed that unauthorized actors had obtained the personal information of both customers and workers. Although they did not say how many consumers were impacted, they did say that names, dates of birth, addresses, emails, phone numbers, passport numbers, and even certain medical information could have been exposed.
American Airlines issued the following statement to BleepingComputer by the Manager for Corporate Communications. “American Airlines is aware of a phishing campaign that resulted in a small number of team members’ mailboxes being improperly accessed.”
A very small amount of customers’ and workers’ personal information was found in those email accounts, according to American Airlines, which also provided a two-year membership to Experian’s IdentityWorks.
With regard to the incident, the company stated “data security is of the utmost importance and we provided customers and team members with precautionary support. We also are actively developing additional technical safeguards to avoid a similar incident from happening in the future, even though we have no proof that any personal information has been misused.”
To help employees recognize targeted phishing attacks, firms must ensure that staff receives adequate security training. Organizations’ IT and security departments should explain to staff how communications will be handled. It is crucial to always inform people about how to recognize phishing emails.
Read the full article here