An unauthorized third party managed to gained access to certain Virgin America information systems containing employee and contractor data.
How many victims? Approximately 3,230 employees and contractors were affected by the breach.
What type of information? The threat actors managed to compromise login information and password that is used to access the Virgin America's corporate network of 3120 employees and even more personal information including addresses, social security numbers, details of government-issued IDs (such as driving licenses), and health-related information for an additional 110 employees.
What happened? On March 13, 2017 the firm's data security team identified potential unauthorized access to certain Virgin America computer systems. It is unclear how they gained access to the system.
What was the response? The company initiated its incident response protocol and is taking steps to mitigate the impact and has retained cybersecurity forensic experts to investigate the incident. Law enforcement has also been notified. The company has also began remediating the affected systems and is notifying those who were affected.
Quote: “I want to assure you that our information security teams are working hard to enhance our privacy and security practices here at Virgin America to reduce the likelihood that something like this happens again,” Alaska Air Group Vice President, Legal and General Counsel, Kyle Levine said in the letter to those affected.
Source: Virgin America, ZDNet.