The accounts were compromised as the result of a phishing campaign. | Photo by Amelia Holowaty Krales / The Verge
American Airlines is alerting some of its customers to a data breach, where an “unauthorized actor” got access to names, birthdays, mailing and email addresses, phone, driver’s license and passport numbers, and “certain medical information” by compromising employee email addresses (via Bleeping Computer). According to a sample letter from the company, dated September 16th, the airline discovered the breach in July and began an investigation with a third-party security cybersecurity firm.
I asked the company if it knew how long the attackers had access to the email accounts before the breach was discovered. In response, spokesperson Andrea Koos sent the airline’s statement, which contains a few details about what happened but doesn’t…
