American Airlines has confirmed a data breach that affected some of its customers’ data exposing names, birthdays, mailing and email addresses, phone, driver’s license and passport numbers and “certain medical information”.
The airline, however, said that it has no evidence to suggest that “your personal information was misused.”
“Nevertheless, out of an abundance of caution, we wanted to provide you with information about the incident and protective measures you can take,” it said in a statement, revealing the data breach that occurred in July.
“In July 2022 we discovered that an unauthorised actor compromised the email accounts of a limited number of American Airlines team members. Upon discovery of the incident, we secured the applicable email accounts and engaged a third party cybersecurity forensic firm to conduct a forensic investigation,” said American Airlines.
The investigation determined that certain personal information was in the email accounts.
“The personal information involved in this incident may have included your name, date of birth, mailing address, phone number, email address, driver’s license number, passport number, and/or certain medical information you provided,” the airline informed.
The airline said it would offer affected customers free two-year membership of Experian’s IdentityWorks to help with identity theft detection and resolution.
This product “provides you with superior identity detection and resolution of identity theft”.
“Although we have no evidence that your personal information has been misused, we recommend that you enroll in Experian’s credit monitoring,” American Airlines said.
American Airlines was also hit by a data breach in March 2021.