Two US-based major players in the aviation industry — American Airlines and Southwest Airlines have disclosed data breaches that have affected their pilot applicants.
According to BleepingComputer, the breaches occurred as a result of a hack targeting Pilot Credentials, a third-party vendor that manages pilot applications and recruitment portals for numerous airlines.
On May 3, both airlines were notified of the Pilot Credentials incident, which was limited to the third-party vendor’s systems and had no impact or compromise on the airlines’ own networks or systems.
Pilot Credentials’ systems were accessed by an unauthorized person on April 30 and documents containing applicant information were stolen.
A total of 5,745 pilots and applicants were affected, while Southwest reported 3,009 were affected, according to breach notifications filed with Maine’s Office of the Attorney General, the report mentioned.
“Our investigation determined that the data involved contained some of your personal information, such as your name and Social Security number, driver’s license number, passport number, date of birth, Airman Certificate number, and other government-issued identification number(s),” American Airlines revealed.
Moreover, the report said that the airlines will direct all pilot and cadet applicants to self-managed internal portals from now on, even though no evidence was found that their personal information was specifically targeted or exploited for fraud or identity theft.
“We are no longer utilizing the vendor, and, moving forward, Pilot applicants are being directed to an internal portal managed by Southwest,” Southwest Airlines said.
