says the hackers may have obtained personal information for a “very small number” of customers and employees. The company did not say exactly how many people were affected, though it noted there is no evidence the attackers misused the data. He told affected customers that names, driver’s license and passport numbers, addresses, email addresses, phone numbers, dates of birth and medical information may have been compromised.
The hackers accessed American’s email system through a phishing campaign, as informed. The company told regulators in Montana that it discovered the intrusion in July. It began informing affected customers last week. American says it secured the breached email accounts and hired a third-party cybersecurity firm to investigate.
American said it is implementing more technical measures to prevent similar violations from occurring. The company has also offered customers affected by the breach two years of identity theft protection coverage.
An American Airlines spokesperson provided the following statement to Engadget:
“American Airlines is aware of a phishing campaign that led to unauthorized access to a limited number of team member mailboxes. Those email accounts contained a very small amount of personal customer and employee information. While we have no evidence that personal information has been misused, data security is of the utmost importance and we offer preventative support to clients and team members. We are also currently implementing additional technical safeguards to prevent a similar incident from occurring in the future.”
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at time of publication.