Data breaches are one of the major scourges of the modern world. Worse, when these breaches happen, they’re often out of our control. Case in point, American Air falls victim to a phishing attack, putting customer and employee data in criminal hands.
The fact that a data breach happened at the world’s largest airline is frustrating yet unsurprising. Data breaches are an inevitable fact of life these days. Yet, this one could have been avoided with more vigilance, as it wasn’t a brute-force attack. This was a phishing attack, meaning someone at American (many people, actually) were tricked into clicking on something or sharing information they shouldn’t have. But that’s not the most frustrating part about this.
American Air Falls Victim to a Phishing Attack
Sure, the fact that employees at American could’ve avoided this whole incident with better training is frustrating. What’s worse, though, is that the attack happened in July, and American only recently notified customers about it. That means they waited TWO MONTHS to inform customers that their information may have been compromised. Despite this, American has been very ambiguous about what’s going on too.
When asked by Gizmodo for details surrounding the attack, an American rep informed them that only a “limited number” of customers and employees were impacted by the incident. Further, it appears that information involved in the breach includes name, date of birth, mailing address, phone number, email address, driver’s license number, passport number, and/or certain medical information customers provided to the airline. No credit card information was stolen, though I think I’d prefer to have that taken than my driver’s license number. At least it’s easy to replace a credit card!
American states that its offering impacted customers two years of free Experian identity theft and credit monitoring services. As a result, if you haven’t been offered these services by American, you’re likely safe. For now.
Final Thoughts
While everyone else is reporting on American’s new business class seats – which are really nice – I’m here telling you guys about how American Air falls victim to a phishing attack and doesn’t inform its customers until way later. Not cool. To me, this is just another failure among many by the airline since US Airways took over. At least there are things you can do to help protect yourself. For one, monitor your credit using a free service like Credit Karma. Also, change your AA password and use a strong, complex one.