A cybersecurity incident at a third-party vendor has impacted the personal information of pilots of at least two US airlines, including American Airlines and Southwest Airlines. Personal information, including name and social security number, driver’s license number, passport number, date of birth, Airman Certificate number, and other government-issued identification numbers were compromised, according to breach notification of the airlines. Breach at third-party vendor On May 3, both airlines were informed that their third-party vendor, pilotcredentials.com, had experienced a cybersecurity incident involving some files within its systems. An unauthorized actor accessed the third-party vendor’s systems on or around April 30 and obtained certain files provided by some pilot and cadet applicants during their hiring process, the airlines said in their notifications. “The incident was solely limited to the third-party vendor’s systems, and no American networks or systems were affected or compromised,” American Airlines said in the breach notification, adding that the investigations were launched immediately and the law enforcement authorities were notified. Personal information of 5,745 pilots of American Airlines and 3,009 pilots from Southwest Airlines has been leaked due to the incident, according to the airline report to the Office of the Maine Attorney General. “Our investigation determined that the data involved contained some of your personal information, such as your name and Social Security number, driver’s license number, passport number, date of birth, Airman Certificate number, and other government-issued identification numbers (s),” American Airlines said.
Source: CSO Online