American Airlines suffered from a data breach incident, an unauthorized actor gained access to the personal information of customers and employees through a phishing campaign.
The exposed information includes address, phone number, driver's license number, passport number, and certain medical information.
They engaged a third-party cybersecurity forensic firm for the investigation and implemented additional technical safeguards to prevent a similar incident from occurring in the future.
TPRM report: https://scoringcyber.rankiteo.com/company/american-airlines
"id": "ame104022922",
"linkid": "american-airlines",
"type": "Breach",
"date": "02/2022",
"severity": "80",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Airline',
'name': 'American Airlines',
'type': 'Company'}],
'attack_vector': 'Phishing',
'data_breach': {'personally_identifiable_information': ['Address',
'Phone number',
"Driver's license "
'number',
'Passport number'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal information of '
'customers and employees']},
'description': 'American Airlines suffered from a data breach incident, an '
'unauthorized actor gained access to the personal information '
'of customers and employees through a phishing campaign.',
'impact': {'data_compromised': ['Address',
'Phone number',
"Driver's license number",
'Passport number',
'Certain medical information']},
'response': {'remediation_measures': 'Implemented additional technical '
'safeguards',
'third_party_assistance': 'Engaged a third-party cybersecurity '
'forensic firm'},
'threat_actor': 'Unauthorized actor',
'title': 'American Airlines Data Breach',
'type': 'Data Breach'}