American Airlines has released a statement confirming that it suffered from a data breach that affected employee inboxes in July. The data breach occurred over the last several days and begun with a phishing attack that led to the unauthorized access. American Airlines stated that the threat actor was able to view a limited number of mailboxes belonging to the airline’s employees. As a result, a small number of customer and employee personal information was accessed. This suggests that the attacker or attackers were not able to breach corporate data stores.
The airline has released a breach notification letter confirming the attack, which took place earlier this summer. American Airlines stated that there was no evidence that led security researchers to believe that a large amount of customer data was accessed. The information that may have been exposed for a small number of customers includes names, dates of birth, phone numbers, mailing addresses, email addresses, passport numbers, driver’s licenses, and medical information. Those who were affected by the attack have been offered two years’ worth of identity theft protection provided by American Airlines through Experian.
Read More: American Airlines Breach Exposes Customer and Staff Information