Imagine this: you’re a pilot or a hopeful applicant, and one day you receive a letter that your personal information has been compromised due to a data breach. It’s a nightmare situation, and it recently happened to thousands of American Airlines and Southwest Airlines pilots and applicants.
On May 3, both airlines were notified of a data breach involving Pilot Credentials, a third-party vendor that manages pilot applications and recruitment portals for multiple airlines. The unauthorized access took place on April 30, and the hacker made off with documents containing sensitive information about pilots and cadet applicants.
How extensive was the damage? According to breach notifications, American Airlines reported that 5,745 pilots and applicants were affected, while Southwest Airlines revealed a total of 3,009 individuals impacted.
The stolen data included names, Social Security numbers, driver’s license numbers, passport numbers, dates of birth, and other government-issued identification numbers. Although no signs of identity theft or fraud have been discovered yet, both airlines decided to cut ties with the vendor and direct pilot and cadet applicants to internal portals managed by the airlines themselves.
Not the First Time for American Airlines
This isn’t the first data breach American Airlines has faced in recent years. In September 2022, the company disclosed a breach involving over 1,708 customers and team members, resulting from a July 2022 phishing attack. Personal information exposed during this incident included names, dates of birth, mailing addresses, phone numbers, email addresses, driver’s license numbers, passport numbers, and even certain medical information. Another breach occurred in March 2021 when global air information tech giant SITA reported a hack on its servers, exposing the Passenger Service System (PSS) used by multiple airlines worldwide, including American Airlines.How Did the Ex-Ubiquiti Developer Carry Out the Astonishing Extortion Scheme?
The ex-ubiquiti developer’s astonishing extortion scheme captured the attention of many. With meticulous planning, the developer exploited vulnerabilities he discovered in the company’s systems. Leveraging his inside knowledge, he coerced the company into paying a hefty ransom in exchange for not exposing their trade secrets. This audacious act sent shockwaves throughout the tech community, highlighting the importance of cybersecurity measures for all businesses.