American Airlines and Southwest report third party data breach exposing pilots

American Airlines and Southwest Airlines, two of the biggest airlines globally, have recently disclosed data breaches that have affected their pilots.

The incident involving Pilot Credentials was brought to the attention of both airlines on May 3. The breach was contained within the systems of the third-party vendor, posing no compromise or impact on the airlines' internal networks or systems.

On April 30, an unauthorized individual managed to gain access to Pilot Credentials' systems and proceeded to steal documents containing information provided by certain applicants in the pilot and cadet hiring process.

Affected individuals vary per airline:

• American Airlines reported that the data breach had affected 5,745 pilots and applicants,
• Southwest Airlines stated a total of 3,009 individuals were impacted.

Exposed data include:

• name,
• Social Security number,
• driver’s license number,
• passport number,
• date of birth,
• Airman Certificate number,
• other government-issued identification numbers.

Currently here is no evidence suggesting that the pilots' personal information was specifically targeted or exploited for fraudulent or identity theft purposes.

Both airlines have decided to stop using the vendor services and redirect all pilot and cadet applicants to self-managed internal portal.