DALLAS — American Airlines says personal information of a “very small number” of customers and employees was compromised after hackers breached some employee email accounts.
There is no indication that the attackers have misused any of the personal information, the company said.
American notified customers last week that the breach was discovered in July, according to law enforcement officials in Montana. American said it locked down the breached accounts and hired a cybersecurity firm to investigate.
American told customers that information in the compromised email accounts could have included their date of birth, driver’s license and passport numbers and medical information they provided to the airline.
Affected customers were offered two years of identity theft-protection coverage, American said.
The airline declined to say how precisely how many people had their personal information exposed or the nature of that information.
“American Airlines is aware of a phishing campaign that led to the unauthorized access to a limited number of team member mailboxes,” American spokesman Curtis Blessing said. “A very small number of customers and employees’ personal information was contained in those email accounts.
Blessing said American is putting in place “additional technical safeguards to prevent a similar incident from occurring in the future.”
American is based in Fort Worth, Texas.
With summer vacations wrapped up, airlines are counting on the return of more business travelers to keep their pandemic recovery going into the fall.
Air travel in the United States, bolstered by huge numbers of tourists, has nearly recovered to pre-pandemic levels.
Inflation — and especially this year's sharp rise in airfares — raises concern about how long vacationers can afford to keep flying at their current pace. Airlines say they see no signs of a slowdown in leisure travel.