Hackers were able to steal the personal data of thousands of individuals who have applied to become pilots with American Airlines and Southwest Airlines, the companies have said.
The airlines confirmed in June 23 letters to customers that the data leak was caused by the hack of a third-party vendor known as Pilot Credentials; a recruitment company that handles the job applications of pilots and other air transport industry professionals.
Both companies learned of the security incident on May 3, although the unidentified hacker was initially able to gain access to the personnel data days earlier, on or around April 30, the airlines said.
According to breach notifications filed with the Maine Attorney General’s Office, more than 8,000 pilot and cadet applicants had personnel information they provided during the hiring process compromised during the incident.
Such private information included applicants’ names, birth dates, Social Security numbers, driver’s license numbers, Airman Certificate numbers, passports, and other ID numbers, officials said.
Fort Worth-based carrier American Airlines said it had conducted a “robust review” following the breach and found it had affected approximately 5,745 pilots.
Southwest said the incident was “limited to the Vendor’s systems and at no point impacted Southwest’s systems, network or technology” but reported a total of 3,009 affected persons.
‘No Evidence’ of Data Misuse
Both airlines said there is “no evidence” to suggest that the leaked information was targeted or misused for purposes of fraud or identity theft, however, they have implemented protective measures as a precaution, noting that pilot and cadet applicants are now being directed to an internal portal managed by the airlines themselves as opposed to a third-party vendor.It is unclear exactly who was behind the attack but the two airlines stressed that they have informed law enforcement of the incident and are cooperating with their investigation into the matter.
However, Dennis Tajer, a spokesperson for the Allied Pilots Association, which represents pilots at American Airlines, told the Associated Press that American Airlines knew about the breach for several weeks before notifying those impacted; a decision he said was disappointing.
According to Tajer, 2,200 of the association’s members were affected by the breach.
The Epoch Times contacted American Airlines for further comment.
The latest hacking incident is not the first to hit American Airlines, which disclosed a data breach in September that compromised the personal information of its employees as well as customers.
Pilot Shortage to Last for Years
The latest hacking incident comes amid an ongoing pilot shortage across the aviation industry which experts have warned could last for years.Earlier this month, Southwest Airlines CEO Bob Jordan told Reuters during the annual Bernstein Conference in Chicago that the Dallas-based airline has about 40 planes that are currently unable to fly due to pilot shortages and challenges in training new aviators.
“The constraint is really the ability to put them through the training center because it’s full,” he said.
American Airlines has said as many as 50 mainline planes and 150 regional aircraft are grounded because of a lack of trained pilots.
