top of page

When Cyber-Threats Fly: What the Data Breach on American Airlines Means for You


American Airlanes experienced a data breach recently…What happened to your data?

The cyber event reportedly compromised both passengers and workers alike; and while the information has yet to turn up on the Dark Web, nonetheless it has set everyone on edge as well as raised more questions about the protection of your personally identifying information (PII) in company databases.

Travel is often necessary for business and pleasure. Are you thinking about your cybersecurity when you fly?

What Was Stolen from AA

Mid-September 2022, airline customers received a notice that several employee emails had been compromised through a phishing scam, which in turn led the hackers deeper into the AA database. Names, addresses, birthdays, phone numbers, passport and driver’s licenses, and even medical information that an airline might have on file were all exposed in this breach, which occurred all the way back in July of this year.

In the two months between the attack and notification, the airline resecured the affected employee accounts. They also reportedly found no evidence that any of this exposed information was actually accessed or stolen by the threat actors. Nonetheless, they’re giving those affected a two-year membership to Experian identity theft monitoring services.

What does this mean for the data that might have been leaked? Until it shows up for sale on the Dark Web or your identity is found stolen, it’s hard to tell if your information was personally accessed. Monitoring is recommended so you can take immediate steps to remediation if they steal your PII.

Is Your Travel Data Safe?

American Airlines has sworn to take steps to ascertain this doesn’t happen again, but the incident leaves lingering fear about the safety of your data when using any transit services. Transit is considered critical infrastructure, which are those industries that allow us to go about our daily lives. Unfortunately, cyberattacks against critical infrastructure have been rising too.

Cyber-attacks against critical infrastructure pose a risk to national security as well as being a frustrating disruption to our lives. Given the capabilities of today’s technology, as consumers we expect ultimate efficiency in every online interaction. In meeting our expectations for an online experience, these businesses then face attacks aimed at the Internet of Things; more dangerous insider threats; third-party threats, denial-of-service attacks and so much more.

For this reason, you should choose service vendors who invest in the kind of strong cybersecurity that your private data deserves.


When you find out that your PII might have been exposed in a data leak, change your credentials to that website immediately and monitor your accounts for unusual activity and identity theft. These incidents are easier to handle the faster you notice the suspicious access on your accounts.



0 views0 comments


bottom of page