American Airlines notified customers of a data breach that took place in July 2022 in which an unauthorized actor compromised accounts of a limited number of American Airlines employees. American Airlines hired a third-party cybersecurity forensics firm to investigate the incident. The investigation discovered personal information of employees and customers had been accessed by the unauthorized actors.  They did not specify the number of customers affected but stated that names, dates of birth, addresses, email, phone numbers, passport numbers, and even certain medical information may have been compromised. American Airlines Sr. Manager for Corporate Communications made the following statement to BleepingComputer. “American Airlines is aware of a phishing campaign that led to the unauthorized access to a limited number of team member mailboxes. A very small number of customers and employees’ personal information was contained in those email accounts…” American Airlines said they have taken measures to ensure a similar incident does not take place in the future and offered a two-year membership to Experian’s IdentityWorks.