Wednesday, October 5, 2022
Home Tech News American Airlines reveals data breach — two months after it was discovered

American Airlines reveals data breach — two months after it was discovered

/

The company says someone got access to ‘a limited number’ of employee email accounts

a:hover]:text-black [&>a]:shadow-underline-gray-63 [&>a:hover]:shadow-underline-black text-gray-63″>Photo by Amelia Holowaty Krales / The Verge

American Airlines is alerting some of its customers to a data breach, where an “unauthorized actor” got access to names, birthdays, mailing and email addresses, phone, driver’s license and passport numbers, and “certain medical information” by compromising employee email addresses (via Bleeping Computer). According to a sample letter from the company, dated September 16th, the airline discovered the breach in July and began an investigation with a third-party security cybersecurity firm.

I asked the company if it knew how long the attackers had access to the email accounts before the breach was discovered. In response, spokesperson Andrea Koos sent the airline’s statement, which contains a few details about what happened but doesn’t answer the question.

“American Airlines is aware of a phishing campaign that led to the unauthorized access to a limited number of team member mailboxes. A very small number of customers and employees’ personal information was contained in those email accounts,” Koos said, before adding that the company is “currently implementing additional technical safeguards to prevent a similar incident from occurring in the future.” The company says it has “no evidence to suggest” that customers’ personal info has been misused.

Unfortunately, the lag between discovery and disclosure isn’t exactly uncommon. Samsung recently disclosed a breach almost a month after it had discovered it, and earlier this year, the public learned about a 2020 hack on the federal court system. While it’s understandable that investigations can take time, especially when it comes to determining who to notify, it does mean that bad actors have access to people’s info for quite a while before they even know to watch out for problems. In this particular instance, American Airlines is offering people whose data was affected two free years of Experian’s identity theft protection service.

- Advertisment -

Most Popular

71 acres in Englishman River watershed donated to Nature Trust of B.C.

Environmentalists on Vancouver Island are celebrating a sizable land donation aimed at protecting a critical watershed near Nanaimo, B.C. Chilliwack-based construction company the Emil Anderson...

‘There’s endless choice, but you’re not listening’: fans quitting Spotify to save their love of music

‘There’s endless choice, but you’re not listening’: fans quitting Spotify to save their love of musicFormer streaming service subscribers on why they have ditched...

Elon Musk is wrong about patents. Here’s why IP isn’t ‘for the weak’

“Patents are for the weak” retorted Elon Musk to veteran broadcaster Jay Leno while giving him a tour of SpaceX. Leno, during the latest...

Walmart launches ‘metaverse’ experience in Roblox to sell toys to children

Tech/Business / How do you do, fellow RobloxiansWalmart has launched a pair of “immersive experiences” in online gaming platform Roblox. The retailer is presenting...