Alaska Air Group Federal Credit Union, Alaska Airlines and Horizon Air: Alaska Airlines Data Breach Lawsuit Investigation

Alaska Air Group Federal Credit Union Data Breach Exposes Sensitive Member Information

A cybersecurity incident at Alaska Air Group Federal Credit Union (AAGCU) has compromised the personal data of over 10,700 members across the U.S. The breach occurred when unauthorized actors exploited a vulnerability in AAGCU’s third-party IT service provider’s systems, gaining access to the credit union’s network on or around March 5, 2026.

AAGCU detected the breach on March 9, 2026, and immediately launched an investigation with cybersecurity experts while securing its IT environment. The probe confirmed that attackers may have accessed and exfiltrated files containing sensitive member information, including Social Security numbers, account numbers, dates of birth, driver’s license and passport numbers, routing numbers, and tax identification numbers.

Notifications to affected individuals began on April 16, 2026, with 10,705 people impacted nationwide, including eight in Maine. AAGCU, a member-owned financial institution serving employees and families of Alaska Airlines, Hawaiian Airlines, Horizon Air, and related affiliates, has not disclosed further details on the attack’s origin or the third-party provider involved.

Legal representatives are now investigating potential compensation claims for those affected, citing possible eligibility for damages related to the exposure of personal data.

Source: https://www.claimdepot.com/investigations/alaska-airlines-data-breach-2026

Alaska Air Group Credit Union cybersecurity rating report: https://www.rankiteo.com/company/alaska-air-group-credit-union

Horizon Federal Credit Union cybersecurity rating report: https://www.rankiteo.com/company/horizon-federal-credit-union

"id": "ALAHOR1776537202",
"linkid": "alaska-air-group-credit-union, horizon-federal-credit-union",
"type": "Breach",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '10,705',
                        'industry': 'Banking/Financial Services',
                        'location': 'U.S.',
                        'name': 'Alaska Air Group Federal Credit Union (AAGCU)',
                        'type': 'Financial Institution (Credit Union)'}],
 'attack_vector': 'Third-party IT service provider vulnerability',
 'customer_advisories': 'Notifications sent to affected individuals',
 'data_breach': {'data_exfiltration': 'Yes',
                 'number_of_records_exposed': '10,705',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Social Security numbers',
                                              'Account numbers',
                                              'Dates of birth',
                                              'Driver’s license numbers',
                                              'Passport numbers',
                                              'Routing numbers',
                                              'Tax identification numbers']},
 'date_detected': '2026-03-09',
 'date_publicly_disclosed': '2026-04-16',
 'description': 'A cybersecurity incident at Alaska Air Group Federal Credit '
                'Union (AAGCU) has compromised the personal data of over '
                '10,700 members across the U.S. The breach occurred when '
                'unauthorized actors exploited a vulnerability in AAGCU’s '
                'third-party IT service provider’s systems, gaining access to '
                'the credit union’s network. The attackers may have accessed '
                'and exfiltrated files containing sensitive member '
                'information, including Social Security numbers, account '
                'numbers, dates of birth, driver’s license and passport '
                'numbers, routing numbers, and tax identification numbers.',
 'impact': {'data_compromised': 'Sensitive member information including Social '
                                'Security numbers, account numbers, dates of '
                                'birth, driver’s license and passport numbers, '
                                'routing numbers, and tax identification '
                                'numbers',
            'identity_theft_risk': 'High',
            'legal_liabilities': 'Potential compensation claims for affected '
                                 'individuals',
            'payment_information_risk': 'High',
            'systems_affected': 'AAGCU’s network'},
 'initial_access_broker': {'entry_point': 'Third-party IT service provider’s '
                                          'systems'},
 'investigation_status': 'Ongoing',
 'post_incident_analysis': {'root_causes': 'Exploitation of third-party IT '
                                           'service provider vulnerability'},
 'references': [{'source': 'Cyber Incident Description'}],
 'regulatory_compliance': {'legal_actions': 'Potential compensation claims'},
 'response': {'communication_strategy': 'Notifications to affected individuals',
              'containment_measures': 'Secured IT environment',
              'incident_response_plan_activated': 'Yes',
              'third_party_assistance': 'Cybersecurity experts'},
 'title': 'Alaska Air Group Federal Credit Union Data Breach Exposes Sensitive '
          'Member Information',
 'type': 'Data Breach'}