InfoSecBulletin Cybersecurity for mankind
American Airlines and Southwest Airlines, two of the largest airlines in the world, disclosed on Friday that their data had been breached. The breach was caused by a hack of Pilot Credentials, a third-party vendor that manages pilot applications and recruitment portals for multiple airlines.
The breach affected 5745 pilots and applicants at American Airlines and 3009 at Southwest Airlines. The stolen information included names, Social Security numbers, driver’s licenses, passports, dates of birth, and Airman Certificate numbers.
Delay patching leaves about 50,000 Fortinet firewalls to zero-day attack
Daily Security Update Dated: 21.01.2025
126 Linux kernel Vulns Allow Attackers Exploit 78 Linux Sub-Systems
CERT-UA alerts about “security audit” requests through AnyDesk
Oracle Critical Pre-Release update addressed 320 flaw
OWASP Reveils Top 10 Smart Contract Vulnerabilities for 2025
Multiple Azure DevOps Vulns Allow To Inject CRLF Queries & Rebind DNS
Intel holds 22 employees from one Bangladeshi University
VPN Surge 1500% in USA after TikTok Shut Down
MITRE Launches D3FEND 1.0; The Milestone for Cybersecurity Ontology
American Airlines and Southwest Airlines said that there is no evidence that the stolen information has been used for fraudulent or identity theft purposes. However, the airlines are no longer using Pilot Credentials and are directing all pilot and cadet applicants to self-managed internal portals.
This is not the first time that American Airlines has been hit by a data breach. In September 2022, the airline disclosed that a phishing attack had compromised the personal information of over 1,700 customers and employees. And in March 2021, American Airlines was one of several airlines that was affected by a data breach at SITA, a global air information tech giant.
American Airlines is the world’s largest airline by fleet size, while Southwest Airlines is the world’s largest low-cost carrier. Both airlines have a combined workforce of over 190,000 people.
The data breaches at American Airlines and Southwest Airlines are a reminder of the importance of data security. Airlines collect a lot of personal information about their customers and employees, and this information is a valuable target for hackers. Airlines need to take steps to protect this information from unauthorized access.
Here are some additional details about the data breach:
- The breach occurred on April 30, 2023.
- The unauthorized individual gained access to Pilot Credentials’ systems by exploiting a vulnerability in the vendor’s software.
- The stolen information was not encrypted, which made it easier for the attacker to access it.
- American Airlines and Southwest Airlines have notified law enforcement of the breach and are cooperating with the investigation.
