According to breach notifications filed on Friday by American Airlines and Southwest Airlines, both disclosed data breaches caused by the hack of Pilot Credentials, a third-party vendor that manages numerous airlines’ pilot applications and recruitment portals.
On May 3rd, the two airlines were informed an unauthorized individual gained access to Pilot Credentials’ systems on April 30 and stole documents containing the data of 5,745 American Airlines and 3,009 Southwest applicants in the pilot and cadet hiring process. The incident was limited solely to the systems of the third-party vendor, with no compromise on the airlines’ own networks.
“Our investigation determined that the data involved contained some of your personal information, such as your name and Social Security number, driver’s license number, passport number, date of birth, Airman Certificate number, and other government-issued identification number(s),” American Airlines revealed.
“We are no longer utilizing the vendor, and, moving forward, Pilot applicants are being directed to an internal portal managed by Southwest,” Southwest Airlines said.
Roy Akerman, Co-Founder & CEO, Rezonate had this to say:
“Third party access and supply chain risks continue to be the leading reasons for recent security breaches. Whether critical information is managed by a third-party application, or a vendor has direct access to one’s infrastructure, additional security risk is introduced and therefore must be monitored and controlled. While organizations are realizing more and more that third party risk is their risk, more work is required to enable this awareness across people, technology and processes.”
Supply chain attacks are real. Thus organizations need to make sure that the diligence that they apply to their internal systems is applied to all the external systems that they use. That way the chances of getting pwned by hackers is way less.
Related
This entry was posted on June 26, 2023 at 2:38 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
American Airlines And Southwest Airlines Disclose 3rd Party Data Breach Affecting Pilots
According to breach notifications filed on Friday by American Airlines and Southwest Airlines, both disclosed data breaches caused by the hack of Pilot Credentials, a third-party vendor that manages numerous airlines’ pilot applications and recruitment portals.
On May 3rd, the two airlines were informed an unauthorized individual gained access to Pilot Credentials’ systems on April 30 and stole documents containing the data of 5,745 American Airlines and 3,009 Southwest applicants in the pilot and cadet hiring process. The incident was limited solely to the systems of the third-party vendor, with no compromise on the airlines’ own networks.
“Our investigation determined that the data involved contained some of your personal information, such as your name and Social Security number, driver’s license number, passport number, date of birth, Airman Certificate number, and other government-issued identification number(s),” American Airlines revealed.
“We are no longer utilizing the vendor, and, moving forward, Pilot applicants are being directed to an internal portal managed by Southwest,” Southwest Airlines said.
Roy Akerman, Co-Founder & CEO, Rezonate had this to say:
“Third party access and supply chain risks continue to be the leading reasons for recent security breaches. Whether critical information is managed by a third-party application, or a vendor has direct access to one’s infrastructure, additional security risk is introduced and therefore must be monitored and controlled. While organizations are realizing more and more that third party risk is their risk, more work is required to enable this awareness across people, technology and processes.”
Supply chain attacks are real. Thus organizations need to make sure that the diligence that they apply to their internal systems is applied to all the external systems that they use. That way the chances of getting pwned by hackers is way less.
Share this:
Like this:
Related
This entry was posted on June 26, 2023 at 2:38 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.