Airline giant American Airlines released a data breach notification informing of a data breach that compromised the accounts of its employees. This article shares details of the data breach, the information that was leaked, how American Airlines is dealing with it, and what employees can do to protect themselves.

tates’ major airlines, with its headquarters in Texas. American Airlines is the world’s largest airline, with over 165.7 million passengers carried, a $161.5 billion revenue, and over 1300 mainline aircraft. According to Statista, American Airlines had 123,400 employees in 2021, meaning the threat actors could have accessed a significant number of employee email accounts in the data breach.


American Airlines Data Breach Explained

American Airlines uncovered a threat actor in July 2022. The threat actor had compromised the email accounts of a limited number of American Airlines employees. American Airlines secured the email accounts and promptly hired a third-party cybersecurity organization to define the nature and scope of the data breach via a full-scale forensic investigation.

American Airlines says the investigation established that the compromised email accounts included the personal information of its employees, and that it then conducted an eDiscovery exercise (an electronic discovery approach to gathering, investigating, and exchanging information as evidence).

The eDiscovery exercise affirmed the presence of confidential and personal info in compromised email accounts. Although no evidence pointed to the abuse of such personal information, American Airlines released a data breach notification underlining the incident, providing defensive measures for its employees, and urging them to opt for Experian’s credit monitoring.


Information Leaked during the American Airlines Data Breach

American Airlines also listed the information that may have been involved or compromised during the data breach. The information includes:

  •       Employee Name
  •       Date of Birth
  •       Email Address
  •       Phone Number
  •       Driver’s License Number
  •       Passport Number
  •       Medical Information

Since the leaked information contains PII (Personally Identifiable Information) and PHI (Protected Health Information), even if the data breach compromised only a handful of American Airlines employee accounts, the information that the threat actors have access to is significant and can be used for malicious purposes.



The threat actors can potentially apply for lines of credit, commit income tax fraud, steal prescription drugs, target victims with healthcare fraud, and create fake insurance claims. The information can also be sold on the dark web or utilized for identity theft.


How is American Airlines Dealing with the Data Breach?

American Airlines highlighted in its data breach notification that the airline has started implementing additional technical safeguards to prevent data breaches in the future. The airline clarifies that there is no evidence to suggest the misuse of the leaked information and has offered its employees a two-year membership of Experian’s Identity Works. Experian’s Identity Works is an advanced product that provides sophisticated identity detection and resolution in identity theft cases.

The Verge says that in response to its question about the total time the threat actors had access to the employee email accounts, spokesperson Andrea Koos provided the official statement. Andrea Koos is the Senior Manager for Corporate Communications at American Airlines.

Koos says, “American Airlines is aware of a phishing campaign that led to the unauthorized access to a limited number of team member mailboxes. A very small number of customers and employees’ personal information was contained in those email accounts.” Koos also highlighted once again that there is “no evidence to suggest” that any personal information of the airline’s employees was misused.

The statement may be present in various sources and the data breach notification by the airline. However, the question arises why the airline was aware of a phishing campaign and did not take adequate protective measures for its employees. This is not the only recent case, as American Airlines also suffered when SITA’s servers were breached last year.


SITA Server Data Breach Recap that Affected American Airlines

SITA aero suffered a data breach in 2021 when confidential information of passengers was accessed. The threat actors breached the PSS (Passenger Service System) and had access to ticket reservations and boarding transactions.



The data breach impacted over 2.1 million individuals, most of them Lufthansa Miles and More frequent fliers. SITA issued a public statement about the data breach, which harmed many airline giants such as American Airlines, Air New Zealand, Singapore Airlines, Malaysia Airlines, and more.


What Can American Airlines Employees Do?

American Airlines has recommended that its employees:

  •   Enroll in Experian’s Credit Monitoring.
  •   Regularly review account statements and free credit reports.
  •   Freeze the account in case of suspicious activity.

Considering the data that is at risk, there is little that employees can do. Following Andrea Koos’ statement and the presence of the phishing campaign, it would be best for employees to learn more about phishing and undergo phishing awareness programs to keep away from malicious emails and phishing links.


What is Phishing, and How can American Airlines Employees Protect Against Phishing?

Phishing is a social engineering cyber crime that involves email communication to establish contact. These emails often contain URLs (Uniform Resource Locators) to protected files, fake websites, dropboxes, and malicious downloads that are designed to harvest login credentials and steal information.

You can easily protect against phishing by:

  1. Automated Tools: Automated tools to detect phishing emails and security software such as antivirus and firewalls.
  2. Mobile Security: Keeping mobile devices up to date to detect malicious files and activity.
  3. Implementing MFA: Using multi-factor authentication for additional security while logging into the email and other accounts.
  4. Phishing Awareness: Looking out for giveaways of phishing emails such as:
       • Unsolicited communication and phishing links.
       • Grammatical errors in the text.
       • Incorrect information as compared to authentic websites.
       • The urgency of email conversations such as payment of bills, tax invoices, cancellation of services, account updating, and similar ones.


Final Words

The data breach at American Airlines, one of the world’s largest airlines, handling nearly 7000 daily flights to over 350 destinations globally, has showcased how larger organizations are the target of cybercriminals who are not wasting a single day wreaking havoc.

The organization has not yet disclosed the number of employees impacted by the data breach and has not supplied the details of the breach, how the attack happened, or the details of the ongoing forensic investigation. Until the details are available to the public, employees should follow the above guidelines for protection from phishing and continuously monitor their accounts and financial statements for malicious activity.