American Airlines and Southwest Airlines Disclose Data Breaches

Two of the world’s largest airlines, American Airlines and Southwest Airlines, recently reported data breaches caused by the hack of Pilot Credentials, a third-party vendor that manages the pilot applications and recruitment portals for several airlines. The airlines were notified of the incident on May 3 and confirmed that the breach was limited to the third-party vendor’s systems with no compromise or impact on their own networks or systems.

On April 30, an unauthorized individual gained access to Pilot Credentials’ systems and stole documents containing information provided by certain applicants in the pilot and cadet hiring process.

American Airlines reported that the data breach affected 5745 pilots and applicants, while Southwest Airlines reported a total of 3009. The stolen documents contained personal information such as names, Social Security numbers, driver’s license numbers, passport numbers, date of birth, Airman Certificate numbers, and other government-issued identification numbers. Both airlines have notified relevant law enforcement authorities and are cooperating with their ongoing investigation into the matter.

Although there is no evidence indicating that the pilots’ personal information was specifically targeted or exploited for fraudulent or identity theft purposes, both airlines have decided to direct all pilot and cadet applicants to self-managed internal portals from now on. “We are no longer utilizing the vendor, and, moving forward, Pilot applicants are being directed to an internal portal managed by Southwest,” Southwest Airlines said.

American Airlines’ Previous Data Breaches

This is not the first time American Airlines has experienced a data breach. In September 2022, the airline disclosed another data breach that impacted over 1,708 American Airlines customers and team members following a July 2022 phishing attack that led to the compromise of several employee email accounts. Personal information including names, dates of birth, mailing addresses, phone numbers, email addresses, driver’s license numbers, passport numbers, and certain medical information may have been exposed in the July 2022 breach.

Additionally, American Airlines experienced a data breach in March 2021 after global air information tech giant SITA disclosed that hackers breached its servers and accessed the Passenger Service System (PSS) used by multiple airlines worldwide.

American Airlines is the world’s largest airline by fleet size with over 1,300 aircraft in its mainline, operates almost 6,700 flights daily to roughly 350 destinations in over 50 countries, and has more than 120,000 employees. Southwest Airlines, on the other hand, is the world’s largest low-cost carrier, present in over 121 airports across 11 countries, and has nearly 70,000 employees.