American and Southwest Airlines Notify Employees of Data Breach Exposing Thousands of Records

A data breach that occurred recently and impacted thousands of employees from two prominent U.S. airlines is believed to be the result of unauthorized access by an undisclosed third-party company.

Both American and Southwest airlines have issued notifications to their employees, informing them about the data breach involving the exposure of personal identifiable information. The breach was discovered on May 3 through an external source.

According to The Washington Examiner:

American Airlines and Southwest Airlines staff were made aware Friday of a cybersecurity threat to them from earlier this year.

Both companies reported that a third-party vendor’s systems were infiltrated on April 30. The airlines were made aware on May 3 and began sending letters to affected staff Friday. The data breach contained the “name and Social Security number, driver’s license number, passport number, date of birth, Airman Certificate number, and other government-issued identification number(s)” of pilots and other staff. American reported 5,745 employees were affected, and Southwest reported 3,009.

It remains to be seen if the third-party vendor involved in the data breach of both airlines was the same company. Southwest Airlines’ law firm Norton Rose Fulbright did not respond to the Washington Examiner’s request for comment.

Both companies maintained that their own systems were unaffected and uncompromised. Additionally, Southwest committed to no longer working with the third-party vendor. American Airlines would not confirm or deny that it will continue to employ the vendor in a statement to the Washington Examiner.

“At this time, we have no evidence to suggest that the affected information was targeted or misused for purposes of fraud or identity theft,” the letter sent to Southwest employees read. American Airlines employees were told a similar message in different words.

As reparation, American Airlines gave affected staff a two-year membership to Experian’s IdentityWorksSM Credit 3B, and Southwest offered the Equifax Complete Premier equivalent. The memberships can help restore the identities of those who may have their identity stolen in the future.