Two major airlines, American Airlines and Southwest Airlines, disclosed data breaches resulting from the hack of Pilot Credentials, a third-party vendor managing pilot applications and recruitment portals for multiple airlines. The incident, discovered on May 3, affected only the third-party vendor’s systems, with no compromise to the airlines’ own networks. An unauthorized individual gained access to Pilot Credentials’ systems on April 30, stealing documents containing information provided by applicants in the pilot and cadet hiring process. American Airlines reported 5,745 affected pilots and applicants, while Southwest reported 3,009, both airlines assuring applicants that their personal information wasn’t specifically targeted or exploited.
Following the data breaches, American Airlines and Southwest Airlines have ceased using the third-party vendor and will direct all pilot and cadet applicants to self-managed internal portals. Although there is no evidence of targeted or fraudulent exploitation of pilots’ personal information, the airlines are taking proactive measures. This includes notifying law enforcement authorities and cooperating with ongoing investigations. Notably, both airlines have experienced data breaches in recent years. American Airlines disclosed a breach in September 2022, impacting over 1,708 customers and team members, and another breach in March 2021 following a global air information tech giant’s server breach.
American Airlines is the world’s largest airline by fleet size, operating nearly 6,700 flights daily to over 350 destinations across 50 countries. Southwest Airlines is the world’s largest low-cost carrier, present in over 121 airports across 11 countries, with a workforce of nearly 70,000 employees.
