A hack of a third-party vendor called Pilot Credentials led to a data breach affecting pilot information for American Airlines and Southwest Airlines.
The breach, which was discovered on May 3, was reportedly limited to the vendor’s systems and did not compromise the airlines’ networks.
“Whether critical information is managed by a third-party application or the vendor has direct access to their own infrastructure, it introduces additional security risks, so it needs to be monitored and controlled,” he commented.
“Organizations are increasingly realizing that third-party risks are their own risks, but more needs to be done to achieve this awareness across people, technology and processes.”
At the same time, the unauthorized access allowed perpetrators to steal documents containing personal information provided by pilot and cadet applicants.
“To mitigate the risks posed by data breaches, organizations across industries must adopt data-centric security approaches such as tokenization and format-preserving encryption,” explains Erfan Shadavi, a cybersecurity expert at data security specialist Comfort AG.
“These technologies enhance data security by limiting exposure, reducing the value of stolen data, and minimizing the potential impact of a breach.”
American Airlines reported 5,745 pilots and applicants affected, and Southwest Airlines reported 3,009 affected. Both airlines said they would redirect applicants to internal portals, although there was no evidence of targeted exploitation.
“Our research has shown that the data involved includes personal information such as your name, social security number, driver’s license number, passport number, date of birth, airman identification number, and other government-issued identification numbers. It was found to contain a portion of the .
“We are no longer using vendors and going forward, pilot applicants will be directed to an internal portal maintained by Southwest,” Southwest Airlines added.
Law enforcement said it was investigating and the airline was cooperating fully.
These incidents follow previous data breaches American Airlines experienced in 2022 and 2021.