American Airlines downplayed a hack attack that used a phishing scam to gain personal data for a “very small number” of passengers, the airline said.
The unidentified hackers broke into email accounts of airline employees that contained sensitive customers’ data that included driver’s license numbers and medical information, according to a letter issued by American notifying Montana state regulators.
“American Airlines is aware of a phishing campaign that led to the unauthorized access to a limited number of team member mailboxes,” American spokesman Curtis Blessing said. “A very small number of customers and employees’ personal information was contained in those email accounts.”
American notified customers last week that the breach was discovered in July, according to law enforcement officials in Montana. American said it locked down the breached accounts and hired a cybersecurity firm to investigate.
The airline declined to say precisely how many people had their personal information exposed.
“We have no evidence that any personal information has been misused,” Blessing said.
The airline has offered two years of identity theft-protection coverage to those affected.
“We are also currently implementing additional technical safeguards to prevent a similar incident from occurring in the future,” the airline said.