DALLAS — On Friday, American Airlines (AA) and Southwest Airlines (WN) reported data breaches caused by a hack of Pilot Credentials, which is a third-party vendor that handles the pilot applications and recruitment portals for multiple airlines.

On May 3, both airlines were notified of the Pilot Credentials incident, which affected only the third-party vendor's systems. The airlines' own networks and systems were not compromised.

An unauthorized person accessed Pilot Credentials' systems on April 30 and took documents that contained information from some pilot and cadet applicants during the hiring process.

There's no evidence found suggesting that the pilots' personal information was specifically targeted or used for fraudulent or identity theft purposes.

The Hack

On April 30, an unauthorized person accessed the systems of Pilot Credentials and took documents containing information provided by some applicants during the hiring process for pilots and cadets.

According to breach notifications submitted on Friday to Maine's Attorney General's Office, AA stated that the data breach impacted 5,745 pilots and candidates, while WN reported a total of 3,009 affected individuals.

"We are no longer using the vendor and moving forward, pilot applicants will be directed to an internal portal managed by Southwest," said Southwest Airlines.

According to bleepingcomputer.com. AA had previously reported a data breach in September 2022. The attack, which occurred in July of that year, was a phishing attack that resulted in several employee email accounts being compromised. The breach affected more than 1,708 AA customers and team members.

Featured image: A United Airlines Boeing 737-9 MAX, American Airlines, and Southwest Airlines Boeing 737-8 MAX sit in Renton. Photo: Brandon Farris/Airways