American Airlines and Southwest Airlines, two of the largest airlines in the world, disclosed data breaches on Friday caused by the hack of Pilot Credentials, a third-party vendor that manages multiple airlines’ pilot applications and recruitment portals.
Both airlines were informed of the Pilot Credentials incident on May 3, which was limited solely to the systems of the third-party vendor, with no compromise or impact on the airlines’ own networks or systems.
An unauthorized individual gained access to Pilot Credentials’ systems on April 30 and stole documents containing information provided by certain applicants in the pilot and cadet hiring process.
According to breach notifications filed on Friday with Maine’s Office of the Attorney General, American Airlines said the data breach affected 5745 pilots and applicants, while Southwest reported a total of 3009.
“Our investigation determined that the data involved contained some of your personal information, such as your name and Social Security number, driver’s license number, passport number, date of birth, Airman Certificate number, and other government-issued identification number(s),” American Airlines revealed.