Threat Watch

American Airlines Discloses Data Breach After Employee Email Compromise

American Airlines notified customers of a data breach that took place in July 2022, in which an unauthorized actor compromised the accounts of a limited number of American Airlines employees. American Airlines hired a third-party cybersecurity forensics firm to investigate the incident. The investigation found that personal information of employees and customers had been accessed by the unauthorized actors. The company did not specify the number of customers affected but stated that names, dates of birth, addresses, email addresses, phone numbers, passport numbers, and even certain medical information may have been compromised. American Airlines' Sr. Manager for Corporate Communications made the following statement to BleepingComputer: “American Airlines is aware of a phishing campaign that led to the unauthorized access to a limited number of team member mailboxes. A very small number of customers and employees’ personal information was contained in those email accounts…” American Airlines said it has taken measures to ensure a similar incident does not take place in the future and offered a two-year membership to Experian’s IdentityWorks.

ANALYST NOTES

Proper security training is paramount within organizations to teach employees how to spot targeted phishing attempts. IT and security departments should outline to employees how official communications will be carried out, so that messages arriving outside those channels stand out. Educating users on how to spot phishing emails is always important; however, it is becoming increasingly difficult for users to spot more sophisticated attacks. Email scanning can be a helpful tool for recognizing and quarantining phishing emails. Malicious URL detection can also be used to help block emails that include links to malicious content. Due to the escalating number of known and unknown vulnerabilities in modern computing systems, a defense-in-depth strategy utilizing post-exploitation detection approaches, such as those employed by Binary Defense’s MDR and Threat Hunting services, is highly recommended.

https://www.bleepingcomputer.com/news/security/american-airlines-discloses-data-breach-after-employee-email-compromise/

https://www.documentcloud.org/documents/22419102-american_airlines_data_braech_notification_sep_16_22