21 September 2022

American Airlines had waited two months to disclose a data breach


American Airlines had waited two months to disclose a data breach

American Airlines, a major US-based airline, has disclosed a data breach where an unauthorized party gained access to employee accounts via a phishing campaign.

In a notification letter sent to impacted individuals the company said that the breach was discovered in July 2022, and may have affected customer and employees’ personal information, such as name, date of birth, mailing address, phone number, email address, driver’s license number, passport number, and/or certain medical information.

“Upon discovery of the incident, we secured the applicable email accounts and engaged a third party cybersecurity forensic firm to conduct a forensic investigation to determine the nature and the scope of the incident. Our investigation determined that certain personal information was in the email accounts. We conducted a full eDiscovery exercise and determined some of your personal information may have been contained in the accessed email accounts,” the notice reads.

There is no evidence that exposed personal information was misused, the company said.

Recently, the ride-hailing company Uber Technologies and video game publisher Rockstar Games also disclosed similar breaches.

Back to the list

Latest Posts

Cyber security week in review: September 23, 2022

Cyber security week in review: September 23, 2022

The world in brief: Cryptomarket maker Wintermute robbed of $160M in a hack, old Python bug potentially affects 350,000 open-source projects, and more.
23 September 2022
Unpatched 15-year-old Python vulnerability puts at risk over 350,000 open-source projects

Unpatched 15-year-old Python vulnerability puts at risk over 350,000 open-source projects

The vulnerable Python tarfile module is found extensively in frameworks created by Netflix, AWS, Intel, Facebook, Google and other software.
22 September 2022
Malicious actors continue to abuse Google Tag Manager tool to install e-skimmers

Malicious actors continue to abuse Google Tag Manager tool to install e-skimmers

The researchers said they discovered three variants of malicious scripts hidden within GTM containers that function either as e-skimmers or as downloaders for installing e-skimmers.
21 September 2022