Hackers reportedly obtained the personal information of more than 8,000 airline pilot applicants from American Airlines and Southwest Airlines after a breach of third-party vendor Pilot Credentials two months ago.
The airlines were not informed of the April 30 breach at the Austin-based company until a few days later, according to NBC 5.
Those affected by the breach were applicants of pilot and cadet programs, and they were only notified by the airlines last week, nearly seven weeks after the incident occurred.
The hackers acquired the applicants’ names, passwords, passport numbers, social security numbers, pilot license numbers, and driver’s license information. The breach was allegedly limited to the vendor’s network, and there was no breach of the airlines’ systems, reported Infosecurity Magazine.
Roy Akerman, CEO of the cybersecurity company Rezonate, said special security measures are needed when dealing with personal information.
“Whether critical information is managed by a third-party application, or a vendor has direct access to one’s infrastructure, additional security risk is introduced and therefore must be monitored and controlled,” said Akerman, per Infosecurity Magazine.
Filings indicate that 5,745 American Airlines applicants had their information breached, while Southwest Airlines experienced breaches affecting 3,009 applicants, NBC 5 reported. There are currently no reports suggesting that any breached information was used for fraudulent activities, but Southwest has already confirmed that they will be handling things differently in the future.
“We are no longer utilizing the vendor, and, moving forward, Pilot applicants are being directed to an internal portal managed by Southwest,” stated Southwest, per BleepingComputer.
American Airlines offered 2 years’ worth of identity theft insurance to those who may have had their personal information stolen during the breach. The Allied Pilots Association, which represents pilots at American Airlines, said 2,200 of its members had been affected by the hack, according to NBC 5.
Both airlines have said they are working with law enforcement to determine the best course of action.
Hacking has become increasingly common. The City of Dallas said it experienced a breach in cybersecurity in early May from an alleged ransomware attack that purportedly rendered certain aspects of its computer systems inoperable.
The effects of the supposed attack are still looming as crime statistics remain “unreliable.” The City Council even ended up authorizing the spending of millions of dollars in taxpayer money to bolster its cybersecurity systems.
