DALLAS -- American Airlines says personal information of a “very small number” of customers and employees was compromised after hackers breached some employee email accounts.
There is no indication that the attackers have misused any of the personal information, the company said.
American notified customers last week that the breach was discovered in July, according to law enforcement officials in Montana. American said it locked down the breached accounts and hired a cybersecurity firm to investigate.
American told customers that information in the compromised email accounts could have included their date of birth, driver’s license and passport numbers and medical information they provided to the airline.
Affected customers were offered two years of identity theft-protection coverage, American said.
The airline declined to say how precisely how many people had their personal information exposed or the nature of that information.
“American Airlines is aware of a phishing campaign that led to the unauthorized access to a limited number of team member mailboxes,” American spokesman Curtis Blessing said. “A very small number of customers and employees’ personal information was contained in those email accounts.
Blessing said American is putting in place “additional technical safeguards to prevent a similar incident from occurring in the future.”
American is based in Fort Worth, Texas.
This story was previously corrected to show that American Airlines said it had no indication that hackers have misused any of the personal information.