Security News > 2022 > September > American Airlines learned they were breached from phishing targets
American Airlines says its Cyber Security Response Team found out about a recently disclosed data breach from the targets of a phishing campaign that was using an employee's hacked Microsoft 365 account.
The investigation also revealed the attacker accessed multiple employees' accounts and used them to send more phishing emails to targets American has not yet disclosed.
As the company later disclosed in a filing with the Office of the Maine Attorney General, the data breach impacted 1,708 American Airlines customers and team members.
"Although we have no evidence that your personal information has been misused, we recommend that you enroll in Experian's credit monitoring," American Airlines added.
The airline was hit by another data breach in March 2021 when global air information tech giant SITA said hackers breached its servers and gained access to the Passenger Service System used by multiple airlines worldwide, including American Airlines.
American Airlines is the world's largest airline by fleet size.