In a recent data breach incident, hackers managed to access a database operated by Pilot Credentials, a recruitment company based in Austin, Texas. This breach resulted in the theft of personal information belonging to over 8,000 pilot applicants for American Airlines and Southwest Airlines. The compromised data includes names, birth dates, Social Security and passport numbers, as well as driver’s and pilot’s license numbers of job applicants.
American Airlines reported that approximately 5,745 of their applicants were affected by the breach, while Southwest Airlines stated that the information of 3,009 of their applicants was exposed. The airlines became aware of the breach on May 3, shortly after it occurred on April 30.
Although American Airlines found no evidence of fraudulent activity or identity theft, they are taking proactive steps to protect the affected applicants. The airline is offering two years of identity theft protection to those affected by the breach. Additionally, both American Airlines and Southwest Airlines have shifted their recruitment processes to internal websites and are fully cooperating with law enforcement investigations.
This incident highlights the significant risks associated with data breaches and the potential damage they can cause to organizations. Erfan Shadabi, a cybersecurity expert with comforte AG, expressed concerns about the breach, stating that the stolen data is a goldmine for cybercriminals. They can exploit it for various malicious purposes, including identity theft, financial fraud, and targeted phishing attacks.
Erich Kron, a security awareness advocate at KnowBe4, agrees that such breaches demonstrate the dangers of relying on third parties to manage sensitive information. He explains that while it may be more economically feasible for organizations to enlist vendors for certain services, it often reflects more poorly on the customer organization when things go wrong.
To mitigate the risk of data breaches, Nick Tausek, a lead security automation architect at Swimlane, suggests that airlines need to prioritize the implementation of robust security measures in collaboration with their third-party vendors. This includes practices such as multifactor authentication, regular password updates, and ensuring that their current security strategy allows for timely threat detection and incident response. Tausek also emphasizes the importance of security automation tools, as they can accelerate security teams’ capabilities to keep up with the evolving threat landscape.
Sally Vincent, a senior threat research engineer at LogRhythm, adds that assessing third-party risk is also crucial for airlines. In addition to managing and detecting threats within their own IT infrastructure, airlines should have strong communication and notification tools, as well as a deep understanding of how to effectively configure their complex IT environment. This comprehensive approach enables prompt and thorough responses to anomalous and malicious activities.
Furthermore, when organizations rely on third-party services to process or gather sensitive information, special care should be taken to ensure that the security standards of the vendor align with or exceed those of the hiring organization. This includes considering how the data is handled, who has access, how it’s secured, and how long it’s retained. This vetting process should be outlined in the contracts between the organizations and their vendors, according to Kron.
It is evident that the travel industry, including airlines, continues to be a lucrative target for cybercriminals. In the past year, American Airlines fell victim to a successful phishing attack that compromised customer data. Recognizing the ongoing threats faced by the travel sector, the Transportation Security Administration (TSA) has introduced cybersecurity requirements for airport and aircraft operators. These requirements aim to enhance cyber resilience and prompt reporting of significant breaches to the Cybersecurity and Infrastructure Security Agency (CISA).
The impact of ransomware attacks on airlines has also been felt globally. Indian low-cost carrier SpiceJet, for example, experienced flight delays and the unavailability of online booking systems and customer service portals due to a ransomware attack.
As data breaches continue to pose a significant threat to organizations, it is crucial for airlines and other industries to strengthen their security measures, collaborate closely with third-party vendors, and stay vigilant in the face of evolving cyber threats. Only through proactive and comprehensive security strategies can companies effectively protect sensitive information and maintain the trust of their customers.