American Southwest Airlines Data Exposed By Third-Party Vendor

(CTN News) – American Airlines and Southwest Airlines have reported that data breaches have occurred due to the hacking of a third-party vendor called Pilot Credentials, which has led to the exposure of pilots’ personal information.

A breach of the vendor’s systems, discovered on May 3, was reportedly limited to the vendor’s systems and did not pose a threat to the Southwest Airlines’ networks, according to reports.

“Regardless of whether critical information is managed by a third-party application or a vendor has direct access to one’s infrastructure, additional security risks are introduced, which must be monitored and controlled, according to Roy Akerman, Rezonate’s CEO.

There is no doubt that organizations are realizing more and more that third-party risk is their risk, however, there still needs to be more work done in order to enable this awareness across people, technology, and processes.

It should also be noted that unauthorized access to the system also allowed the perpetrator to steal documents containing personal information provided by pilot and cadet applicants.

Erfan Shadabi, a cybersecurity expert at the data security specialists comforte AG, explained that organizations across various industries need to adopt data-centric security approaches such as tokenization and format-preserving encryption to reduce the risks posed by data breaches.

There are a number of techniques that can be used to enhance data security by limiting the amount of data that can be accessed, decreasing the value of stolen data, and minimising the potential impact of data breaches.”

As of today, American Airlines has reported 5745 pilots and applicants who have been affected, while Southwest Airlines has reported 3009.

While there are no indications that applicants were targeted for exploitation, both airlines said that they would redirect applicants to their internal portals as soon as possible.

“After conducting a thorough investigation, we discovered that the data involved contained some of your personal information, including your name and Social Security number, your driver’s license number, your passport number, your date of birth, your Airman Certificate number, and other government-issued ID numbers,” said American Airlines.

As a result of no longer using the vendor, Southwest Airlines has taken the decision to direct pilot applicants to an internal portal managed by Southwest Airlines going forward.

There are a number of law enforcement agencies investigating, and the Southwest Airlines say they are cooperating fully with the investigation.

Previously, American Airlines had experienced data breaches in 2021 and 2022, and these incidents follow on from those experiences.

SEE ALSO:

Bitcoin Bounty Offered To ‘Terminate’ Australian Activist By China