Airplane with "Canceled" stamped over the top

American Airlines employees’ emails have been compromised by a phishing attack

A malicious attacker used a phishing attack to steal a number of employees’ email accounts, which ended in a data breach at American Airlines. A compromised Microsoft 365 account linked to an employee was used to start the attack.

According to documents filed by the airline with the Attorney General’s Office of New Hampshire, American’s CIRT found unauthorised activity in the company’s Microsoft 365 system upon confirmation of these phishing alerts. The attacker used phishing attacks to gain access to many workers’ accounts. More phishing emails were sent to unspecified targets by the attacker using these compromised accounts, according to American Airlines.

The business further said that the team members’ access to their accounts gave attackers access to any employee files that were kept on the SharePoint cloud-based service.

According to a legal notification summarizing the security incident:

Through its investigation, American was able to find that the unauthorized actor used an IMAP protocol to access the mailboxes. The unauthorised actor may have been able to synchronise the mailbox contents to another device by using this protocol.

Additionally, it was explained:

American [Airlines] has no reason to believe that synchronising the contents of the mailboxes was the purpose of the access. It seems from the fact that the unauthorised actor was exploiting the IMAP protocol to access the mailboxes and send phishing emails.

Although the airline feels there is very little risk to those affected, it started notifying those who were affected of the data breach on September 16. Personal information exposed in the attack may have included names, dates of birth, mailing addresses, phone numbers, email addresses, driver’s licence numbers, passport numbers, or specific medical information, as American said in the notification letters. It may also have included information about employees and clients.

A security breach at American Airlines affected nearly 1,700 customers/staff

Andrea Koos, Senior Manager for Corporate Communications at American Airlines, declined to provide the precise number of people affected by this data breach at the time.

The data breach impacted 1,709 American Airlines passengers and employees, the company later reported in a statement with the Office of the Maine Attorney General.

The company claims it would provide affected victims with two years of free Experian IdentityWorks membership with identity restoration services, and up to $1 million in identity fraud insurance to help with identity theft discovery.

American Airlines further said:

Although we have no evidence that your personal information has been misused, we recommend that you enrol in Experian’s credit monitoring. you should take precautions, which includes keeping a close eye on your free credit reports and account statements.

Why Airline Security Breaches Seem to Be Widespread

A quick Google search will show that security breaches are not at all unusual in the worldwide airline business.

In 2019, British Airways paid a fine for a data breach, while in 2020, a complex hack allowed unauthorised access to the personal information of 9.2 million EasyJet passengers. As a result, EasyJet was forced to provide massive economic relief to its customers.

Following the discovery of a security breach involving a third-party IT provider last year, Malaysia Airlines faced the undue challenge of analysing more than nine years’ worth of corrupted data.

Air New Zealand and Lufthansa, two well-known airlines, were among the others that suffered data breaches in 2021. As a member of the Star Alliance, United Airlines, Singapore, and the latter were all engaged in a breach in 2021.

The target of choice for hackers is clearly airlines. Passport numbers, complete names, dates of birth, and other details are among the information they save that would be needed to plan an identity theft.

In March 2021, the airline suffered another data breach when the world’s largest provider of air information technology, SITA, reported that hackers had broken into its servers. They had got access to the Passenger Service System (PSS), which is used by numerous airlines around the world, including American Airlines.

According to fleet size, American Airlines is the biggest airline on the earth. It employs more than 120,000 workers and runs approximately 6,600 flights every day to around 345 destinations in more than 50 countries.

Phishing attacks pose a major threat to organisations. Almost anybody can plan an attack, regardless of technical skill, thanks to the commercial availability of Phishing Kits. Modern worlds involve a lot of do-it-yourself (DIY) projects.

It is important to make sure your employees are knowledgeable about how to recognise phishing emails. To help employees test their skills, a growing number of businesses are now sending “fake” phishing emails to their employees.

Not all attacks are phishing related. Credential stuffing, ransomware, and other malicious software are still often used. Your company will be well-protected from cyberattacks with the help of a suitable security software package and regular training.

Help your colleagues spot these phishing emails by starting your Phishing Tackle security awareness training today with our two-week free trial.

Recent posts