DALLAS – American Airlines says the personal information of a “very small number” of customers and employees was compromised after hackers hacked into some employee email accounts.
There is no evidence that the attackers misused any personal information, the company said.
American notified customers last week that the breach was discovered in July, according to Montana law enforcement officials. American said it locked down the hacked accounts and hired a cybersecurity firm to investigate.
American told customers that the information in the compromised email accounts could have included their date of birth, driver’s license and passport numbers, and medical information they provided to the airline.
Affected customers were offered two years of identity theft protection coverage, American said.
The airline declined to say specifically how many people had their personal information exposed or the nature of that information.
“American Airlines is aware of a phishing campaign that has led to unauthorized access to a limited number of team member mailboxes,” US spokesman Curtis Blessing said. “A very small amount of personal customer and employee information was contained in these email accounts.”
Blessing said American was putting “additional technical safeguards in place to prevent a similar incident from happening in the future.”
American is based in Fort Worth, Texas.