Thousands of pilots who applied for positions at American Airlines and Southwest have had their personal details stolen by hackers who broke into a database owned by a third-party vendor, which the two Texas-based airlines had been using for its pilot recruitment campaigns.
As many as 8,000 pilot and cadet applicants have had their personal information compromised, although thousands didn’t find out about the breach until months later.
American Airlines and Southwest had been using an external recruitment partner called Pilot Credentials to handle applications, but the Austin-headquartered company informed the carriers that an ‘unauthorized person’ had managed to access its systems on April 30.
The airlines were told about the hack on May 3, but it wasn’t until only very recently that some victims were told about the significant data breach.
American Airlines has offered victims two years of access to a credit checking service so that they can monitor whether criminals are attempting to steal their identities to obtain loans or other forms of credit.
The airlines were required to inform the Office of the Attorney General for Maine about the hack attack. These documents reveal that 5,745 applicants at American Airlines and 3,009 applicants at Southwest have been hit by the breach.
American Airlines confirmed that a raft of highly personal information had been stolen, including: “name and Social Security number, driver’s license number, passport number, date of birth, Airman Certificate number, and other government-issued identification number”.
In a statement, Southwest Airlines said: “We are no longer utilizing the vendor, and, moving forward, Pilot applicants are being directed to an internal portal managed by Southwest”.
American Airlines also confirmed that it was no longer using Pilot Credentials and that all applications would now be managed and stored on internal airline databases.
