American Airlines and Southwest Airlines staff were made aware Friday of a cybersecurity threat to them from earlier this year.
Both companies reported that a third-party vendor’s systems were infiltrated on April 30. The airlines were made aware on May 3 and began sending letters to affected staff Friday. The data breach contained the “name and Social Security number, driver’s license number, passport number, date of birth, Airman Certificate number, and other government-issued identification number(s)” of pilots and other staff. American reported 5,745 employees were affected, and Southwest reported 3,009.
STIMULUS CHECK UPDATE: DIRECT PAYMENT WORTH $250 SCHEDULED TO BE SENT IN SEVEN DAYS
It remains to be seen if the third-party vendor involved in the data breach of both airlines was the same company. Southwest Airlines’ law firm Norton Rose Fulbright did not respond to the Washington Examiner’s request for comment.
Both companies maintained that their own systems were unaffected and uncompromised. Additionally, Southwest committed to no longer working with the third-party vendor. American Airlines would not confirm or deny that it will continue to employ the vendor in a statement to the Washington Examiner.
CLICK HERE TO READ MORE FROM THE WASHINGTON EXAMINER
“At this time, we have no evidence to suggest that the affected information was targeted or misused for purposes of fraud or identity theft,” the letter sent to Southwest employees read. American Airlines employees were told a similar message in different words.
As reparation, American Airlines gave affected staff a two-year membership to Experian’s IdentityWorksSM Credit 3B, and Southwest offered the Equifax Complete Premier equivalent. The memberships can help restore the identities of those who may have their identity stolen in the future.