DALLAS (TBEN) — American Airlines says personal information of a “very small number” of customers and employees was compromised after hackers hacked into some employee email accounts.
There is no indication that the attackers misused the personal information, the company said.
American informed customers last week that the breach was discovered in July, according to law enforcement officers in Montana. American said it has locked down the compromised accounts and hired a cybersecurity firm to investigate.
American told customers that the information in the compromised email accounts could include their date of birth, driver’s license and passport numbers, and medical information they provided to the airline.
Affected customers received two years of identity theft coverage, American said.
The airline declined to say how many people exposed their personal information or the nature of that information.
“American Airlines is aware of a phishing campaign that has resulted in unauthorized access to a limited number of team members’ mailboxes,” said US spokesman Curtis Blessing. “A very small amount of personal data from customers and employees was in those email accounts.
Blessing said American is “taking additional technical precautions to prevent a similar incident in the future”.
American is based in Fort Worth, Texas.
This story was previously corrected to show that American Airlines said it had no evidence that hackers misused the personal information.