BleepingComputer reports that major airline carriers American Airlines and Southwest Airlines had information from nearly 9,000 pilot applicants stolen following a cyberattack against third-party pilot application and recruitment portal manager Pilot Credentials.
Attackers were able to compromise Pilot Credentials' systems on April 30, resulting in the exfiltration of documents with pilot and cadet applicant information, while both airlines were informed regarding the incident on May 3. American Airlines said in a breach notification filed with Maine's Office of the Attorney General that information from 5,745 pilots and applicants, including names, birthdates, Social Security numbers, Airman Certificate numbers, and passport numbers, have been exposed, while Southwest reported that the attack has impacted 3,009 individuals. Both airlines assured that none of their own systems or networks have been affected by the third-party breach, as well as stressed that all pilot and cadet applications will be processed using their proprietary internal portals following the incident.
