Personal information of 5,745 pilots of American Airlines and 3,009 pilots from Southwest Airlines has been leaked due to the incident. Credit: SoutherlyCourse / Getty A cybersecurity incident at a third-party vendor has impacted the personal information of pilots of at least two US airlines, including American Airlines and Southwest Airlines. Personal information, including name and social security number, driver's license number, passport number, date of birth, Airman Certificate number, and other government-issued identification numbers were compromised, according to breach notifications from the airlines. Breach at third-party vendor On May 3, both airlines were informed that their third-party vendor, pilotcredentials.com, had experienced a cybersecurity incident involving some files within its systems. An unauthorized actor accessed the third-party vendor's systems on or around April 30 and obtained certain files provided by some pilot and cadet applicants during their hiring process, the airlines said in their notifications. "The incident was solely limited to the third-party vendor's systems, and no American networks or systems were affected or compromised," American Airlines said in its breach notification, adding that the investigations were launched immediately and the law enforcement authorities were notified. Personal information of 5,745 pilots of American Airlines and 3,009 pilots from Southwest Airlines has been leaked due to the incident, according to the airline’s report to the Office of the Maine Attorney General. "Our investigation determined that the data involved contained some of your personal information, such as your name and Social Security number, driver's license number, passport number, date of birth, Airman Certificate number, and other government-issued identification numbers (s)," American Airlines said. Southwest Airlines insisted there is no evidence to suggest that the affected information was targeted or misused for fraud or identity theft. Meanwhile, the two airlines have suspended the use of third-party and, moving forward, pilot applicants are being directed to an internal portal managed by the airlines. As an additional precaution, both airlines have provided free identity protection membership that detects possible misuse of personal information. Earlier breach reported by American Airlines In July last year, American Airlines suffered another breach, when an unauthorized actor compromised the email accounts of a limited number of American Airlines team members. Personal information compromised in the incident included name, date of birth, mailing address, phone number, email address, driver's license, number, passport number, and certain medical information provided. The airline also suffered a data breach in March 2021 after hackers breached SITA servers and accessed the Passenger Service System used by various airlines across the globe. Related content news analysis Attackers breach US government agencies through ColdFusion flaw Both incidents targeted outdated and unpatched ColdFusion servers and exploited a known vulnerability. By Lucian Constantin Dec 06, 2023 5 mins Advanced Persistent Threats Advanced Persistent Threats Advanced Persistent Threats news BSIMM 14 finds rapid growth in automated security technology Embrace of a "shift everywhere" philosophy is driving a demand for automated, event-driven software security testing. By John P. Mello Jr. Dec 06, 2023 4 mins Application Security Network Security news Almost 50% of organizations plan to reduce cybersecurity headcounts: Survey While organizations are realizing the need for knowledgeable teams to address unknown threats, they are also looking to reduce their security headcount and infrastructure spending. By Gagandeep Kaur Dec 06, 2023 4 mins IT Jobs Security Practices feature 20 years of Patch Tuesday: it’s time to look outside the Windows when fixing vulnerabilities After two decades of regular and indispensable updates, it’s clear that security teams need take a more holistic approach to applying fixes far beyond the Microsoft ecosystem. By Susan Bradley Dec 06, 2023 6 mins Patch Management Software Threat and Vulnerability Management Windows Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe