American Airlines data breach due to employee email accounts being compromised

American Airlines had to write to customers to explain that personal data had been stolen through a cyber-attack – although they did state in the letter that there was no evidence of that personal data having been misused! I would like to see their evidence of that, because I think that statement falls cleanly into the Donald Rumsfeld category of stuff you know! (For those younger members of my audience, just watch the video.)

The data breach was found to have originated phishing emails being sent to employees and when these were actioned, by an unspecified number of employees, their email accounts and the information in them was exposed.

American Airlines discloses data breach after employee email compromise (bleepingcomputer.com)

The airline has recommended affected customers take further security precautions themselves and has organised free two-year membership of Experian’s IdentityWorks which can help with identity theft detection and resolution.

American Airlines has also undertaken training and other technical steps to defend against such attacks in the future.

Threat actors work very hard on ways to get their malware and malicious links past the various technical defences organisations put in the way. So if they can defeat the various filtering systems, firewalls, advanced threat protection and anti-virus and get into the inbox of a busy employee, they are your only defence left.

Your organisation’s cyber security is now depending on that person recognising that this email is malicious…

Let’s hope that although it looks like it is from the company’s bank or best client, they will not open the attached PDF file as they realised, they were not expecting this type of email from that person. Or when the email from the head of IT Support asking them to urgently click on this link to reset their Microsoft 365 password as there has been a cyber security breach, they remember the company cyber security plans states clearly this is not how a cybersecurity incident would be dealt with.

If not they will just follow the link or open the attachment.

You do not think it could happen to you – just ask American Airlines.

Do you want to take training and technical steps to defend against phishing attacks, aimed at your team? That is what CyberAwake – our online training portal is for:

phishing emails
Cyber Security Experts | Awareness | Training (cyberawake.co.uk)

Clive Catton MSc (Cyber Security) – by-line and other articles

cyberawake 200