The union, which represents more than 15,000 pilots at American Airlines, says it fell victim to a ransomware attack that took down its website and may have allowed hackers to steal the sensitive personal data of its members.
The Allied Pilots Association (APA) says it became aware of the hack attack on October 30 when its servers were taken offline, blocking access to both the union’s public website and secure member-only pages, as well as specific tools built for pilots.
The APA website and its online services are completely separate from American Airlines, and there is no suggestion that the airline’s systems have been compromised.
The attack was so widespread that APA was forced to update its members via social channels because its website was inaccessible and email systems had been taken offline.
In a statement set up on a temporary new website, APA said it was still assessing the full extent of the damage and that cyber security experts were trying to determine whether personal data had been compromised.
The union warned that it may take some time to figure out whether sensitive information has actually been stolen.
“On October 30, we experienced a cybersecurity incident,” the union confirmed on Thursday. “Upon discovery of the incident, we immediately took steps to secure our network.”
“Our IT team, with the support of outside experts, continues to work nonstop to restore our systems. We are pleased to report that our restoration efforts are progressing, and we will soon be able to begin to bring back some of our online services”.
The union said it could take days to restore all of its online services.
A preliminary investigation suggests APA was targeted in a ransomware attack and that the hackers had managed to encrypt certain systems, which has blocked access to the union’s IT team.
“The restoration of those systems has entailed a methodical and time-consuming process for our IT team and outside experts,” the union warned.
Earlier this year, thousands of pilots who had applied for positions at American Airlines and Southwest had their personal details stolen by hackers who broke into a database owned by a third-party vendor that the two Texas-based airlines had been using for its pilot recruitment campaigns.
As many as 8,000 pilot and cadet applicants had their personal information compromised, although thousands didn’t find out about the breach until months later.
American Airlines offered victims two years of access to a credit checking service so that they could monitor whether criminals were attempting to steal their identities to obtain loans or other forms of credit.
