When an airline suffers a breach, the threat actors can gain a lot. From emails and addresses to payment information, it’s definitely a WIN. A while ago, the new Indian airline – Akasa Air – witnessed a huge breach due to a vulnerability in its systems. Now, none other than American Airlines has joined the mix.
This time around, it’s not a vulnerability or a bug. Instead, it’s a mistake by employees as they allowed cybercriminals to take over their emails. The number of employees is still undisclosed, but it’s confirmed that several of them are impacted.
While the company stated that there’s no evidence of data misuse, we have to say that it’s still a possibility. What is this breach all about, and what did the attackers get their hands on? Here’s what we know.
American Airlines Breach – A Compromised Email Does it All
When it comes to data breaches, a simple mistake by any individual can cause a lot of damage. That’s exactly the case with companies that fail to fix bugs and vulnerabilities within their systems.
Unfortunately, this time around, it’s not a bug – it’s a mistake by employees as their emails got compromised. Due to this, the threat actor behind this was able to gain access to sensitive personal information.
Such a breach can have a great impact, especially if the retrieved data is used in phishing attacks. And based on what the airline stated, the stolen information is more than enough to conduct such malicious activities.
American Airlines said that the threat actors were able to harvest personal information. That includes employees’ and customers’ names, mailing addresses, phone numbers, dates of birth, email addresses, driver’s license numbers, passport numbers, and certain medical information.
The company discovered the breach on July 5th, 2022, and has hired security firms to further conduct forensic investigations:
“In July 2022 we discovered that an unauthorized actor compromised the email accounts of a limited number of American Airlines team members.
Upon discovery of the incident, we secured the applicable email accounts and engaged a third party cybersecurity forensic firm to conduct a forensic investigation to determine the nature and the scope of the incident.”
Fortunately, the company claims that none of the data is being misused at the moment. However, it’s still urging customers and employees alike to monitor their accounts, especially banking ones, for any irregular activity:
“Although we have no evidence that your personal information has been misused, we recommend that you enroll in Experian’s credit monitoring.
In addition, you should remain vigilant, including by regularly reviewing your account statements and monitoring free credit reports.”
So far, we don’t know how many customers this breach has affected or the number of breached email accounts. We have to wait for American Airlines to disclose this information once the investigation concludes.
A Flight to Breach-Land
At the end of this article, we must note that the stolen information was actually used in phishing attacks. According to Andrea Koos, American Airlines’ Sr. Manager for Corporate Communications, the threat actors did use the employees’ accounts in a phishing campaign.
However, when asked for more information, he refused to state the number of targeted users. Instead, he claimed that the campaign was very small.