American Airlines Data Breach: What You Need to Know

The US airline - which currently boasts the world's largest fleet of aircraft - has fallen victim to a phishing campaign.
Aaron Drapkin

American Airlines has suffered a data breach affecting a small number of customers, the company has confirmed.

The aviation industry is no stranger to data breaches, but they’re becoming increasingly common across almost all industries and sectors of the economy.

Not enough companies use tech like password managers to create secure passwords for business email accounts, nor train staff to recognize suspicious communications. Weak credentials can be easily compromised with brute-forcing and credential stuffing, and in this case, a crafty phishing campaign duped employees.

American Airlines Breached

American Airlines have said that the personal information of a “very small number” of customers and employees was accessed by an unauthorized party that compromised business email accounts.

“American Airlines is aware of a phishing campaign that led to the unauthorized access to a limited number of team member mailboxes” Curtis Blessing, American Airlines.

“Additional technical safeguards to prevent a similar incident from occurring in the future” have been put in place, Blessing added.

The company, based in Fort Worth, Texas, said that information that could have been obtained by a threat actor during the breach includes dates of birth, driver’s licenses, passport numbers, and medical information, but that there’s reportedly no indication the attackers have misused it thus far.

Why are Airlines Seemingly Prone to Data Breaches?

A cursory Google search will illustrate that data breaches are not exactly uncommon across the global aviation industry.

British Airways were fined for a data breach back in 2019, and 9 million EasyJet passengers had their data illegally accessed in 2020 as part of a sophisticated cyberattack and had to pay customers significant compensation.

Then, last year, Malaysia Airlines found itself with the mammoth task of investigating over nine years worth of compromised data after learning of a security incident that occurred with a third-party IT provider.

Other airlines that have been hit with data breaches in the last year include flagship services Air New Zealand and Lufthansa, the latter of which was involved in a 2021 breach that also involved Singapore and United Airlines, all part of the Star Alliance group.

Airlines are definitely an attractive target for hackers, considering they store precisely the kind of information you’d need to orchestrate an identity theft, including passport numbers, full names, dates of birth, and more.

Protecting Yourself From Cyber Threats

Phishing campaigns are a huge threat to businesses, and the commercial availability of “Phish Kits” means that almost anyone can orchestrate a campaign, regardless of their technical ability. It's very much a DIY activity in the modern era.

Ensuring your staff team is well-versed in spotting the tell-tale signs of a phishing campaign is essential, and an increasing number of companies are now sending staff “mock” phishing messages to help them put their knowledge to the test.

A lot of phishing attacks look to steal account credentials by opening windows to fake login pages that mimic legitimate websites, like Facebook and Microsoft, while others load malware directly onto victims’ computers after links are clicked.

Phishing, however, isn’t the only kind of attack – brute-forcing accounts with weak passwords, as well as credential stuffing, are still common.

Using a password manager can help defend against both of these types of attacks, because your employees will be able to create strong and unique passwords for all their accounts, business and personal.

All in all, a healthy combination of useful security software and regular training will ensure your business is protected against the broadest range of threats.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Aaron Drapkin is a Senior Writer at Tech.co. He has been researching and writing about technology, politics, and society in print and online publications since graduating with a Philosophy degree from the University of Bristol three years ago. As a writer, Aaron takes a special interest in VPNs and project management software. He has been quoted in the Daily Mirror, Daily Express, The Daily Mail, Computer Weekly, and the Silicon Republic speaking on various privacy and cybersecurity issues, and has articles published in Wired, Vice, Metro, The Week, and Politics.co.uk covering a wide range of topics.

Explore More See all news
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals