Friday , May 9 2025

Again! Two big airlines disclosed data breaches

infosecbulletin Sunday , June 25 2023 Data Breach, International

American Airlines and Southwest Airlines, two of the largest airlines in the world, disclosed on Friday that their data had been breached. The breach was caused by a hack of Pilot Credentials, a third-party vendor that manages pilot applications and recruitment portals for multiple airlines.

The breach affected 5745 pilots and applicants at American Airlines and 3009 at Southwest Airlines. The stolen information included names, Social Security numbers, driver’s licenses, passports, dates of birth, and Airman Certificate numbers.

Microsoft Patches Four Critical Azure and Power Apps Vulns

By infosecbulletin / Friday , May 9 2025
Microsoft has fixed critical vulnerabilities in its core cloud services, including Azure Automation, Azure Storage, Azure DevOps, and Microsoft Power...
Read More
Microsoft Patches Four Critical Azure and Power Apps Vulns

Qilin Ransomware topped April 2025 with 45+ data leak disclosures

By infosecbulletin / Thursday , May 8 2025
The cyber threat landscape is rapidly changing, with a notable increase in ransomware activity in April 2025, driven by the...
Read More
Qilin Ransomware topped April 2025 with 45+ data leak disclosures

SonicWall Patches 3 Flaws in SMA 100 Devices

By infosecbulletin / Thursday , May 8 2025
SonicWall has released patches for three security flaws in SMA 100 Secure Mobile Access appliances that could allow remote code...
Read More
SonicWall Patches 3 Flaws in SMA 100 Devices

Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed

By infosecbulletin / Thursday , May 8 2025
From April 2024 to April 2025, Flashpoint analysts noted that the financial sector was a major target for threat actors,...
Read More
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed

Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA

By infosecbulletin / Thursday , May 8 2025
Cisco has issued a security advisory for a critical vulnerability in its IOS XE Software for Wireless LAN Controllers (WLCs)....
Read More
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA

CVE-2025-29824
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day

By infosecbulletin / Wednesday , May 7 2025
Attackers linked to the Play ransomware operation deployed a zero-day privilege escalation exploit during an attempted attack against an organization...
Read More
CVE-2025-29824 Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day

Hacker exploited Samsung MagicINFO 9 Server RCE flaw

By infosecbulletin / Wednesday , May 7 2025
Hackers are exploiting an unauthenticated remote code execution vulnerability in the Samsung MagicINFO 9 Server to take control of devices...
Read More
Hacker exploited Samsung MagicINFO 9 Server RCE flaw

CISA adds Langflow flaw to its KEV catalog

By infosecbulletin / Tuesday , May 6 2025
CISA added the Langflow vulnerability, CVE-2025-3248 (CVSS score 9.8), to its Known Exploited Vulnerabilities catalog. Langflow is a popular tool...
Read More
CISA adds Langflow flaw to its KEV catalog

Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers

By infosecbulletin / Tuesday , May 6 2025
Google has released its monthly Android security updates, addressing 46 vulnerabilities, including one that has been actively exploited. CVE-2025-27363 (CVSS...
Read More
Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers

UAP hosted “UAP Cyber Siege 2025”, A national level cybersecurity competition

By infosecbulletin / Tuesday , May 6 2025
The Cyber Security Club, representing the Department of Computer Science and Engineering at the University of Asia Pacific (UAP), has...
Read More
UAP hosted “UAP Cyber Siege 2025”, A national level cybersecurity competition

American Airlines and Southwest Airlines said that there is no evidence that the stolen information has been used for fraudulent or identity theft purposes. However, the airlines are no longer using Pilot Credentials and are directing all pilot and cadet applicants to self-managed internal portals.

This is not the first time that American Airlines has been hit by a data breach. In September 2022, the airline disclosed that a phishing attack had compromised the personal information of over 1,700 customers and employees. And in March 2021, American Airlines was one of several airlines that was affected by a data breach at SITA, a global air information tech giant.

American Airlines is the world’s largest airline by fleet size, while Southwest Airlines is the world’s largest low-cost carrier. Both airlines have a combined workforce of over 190,000 people.

The data breaches at American Airlines and Southwest Airlines are a reminder of the importance of data security. Airlines collect a lot of personal information about their customers and employees, and this information is a valuable target for hackers. Airlines need to take steps to protect this information from unauthorized access.

Here are some additional details about the data breach:

  • The breach occurred on April 30, 2023.
  • The unauthorized individual gained access to Pilot Credentials’ systems by exploiting a vulnerability in the vendor’s software.
  • The stolen information was not encrypted, which made it easier for the attacker to access it.
  • American Airlines and Southwest Airlines have notified law enforcement of the breach and are cooperating with the investigation.

Check Also

Quantum Computing Village

India Launches First Quantum Computing Village in Amaravati

India has taken a monumental stride toward next-generation technology by initiating its first Quantum Computing …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin