--- title: "American Airlines Suffers Employee Email Data Breach, Personal Information at Risk | Phish Protection" description: "Airline giant, American Airlines released a data breach notification, informing about a data breach compromising the accounts of its employees." image: "https://phishprotection.com/og/blog/american-airlines-suffers-employee-email-data-breach-personal-information-risk.png" canonical: "https://phishprotection.com/blog/american-airlines-suffers-employee-email-data-breach-personal-information-risk/" --- Quick Answer Airline giant, American Airlines released a \[data breach\](/phishing/data-breaches-how-they-impact-small-businesses) notification, informing about a data breach compromising the accounts of its employees. This article shares details of the data breach, the information that was leaked, how American Airlines is dealing with it, and what employees can do to protect themselves. Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Famerican-airlines-suffers-employee-email-data-breach-personal-information-risk%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=American%20Airlines%20Suffers%20Employee%20Email%20Data%20Breach%2C%20Personal%20Information%20at%20Risk&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Famerican-airlines-suffers-employee-email-data-breach-personal-information-risk%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Famerican-airlines-suffers-employee-email-data-breach-personal-information-risk%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Famerican-airlines-suffers-employee-email-data-breach-personal-information-risk%2F&title=American%20Airlines%20Suffers%20Employee%20Email%20Data%20Breach%2C%20Personal%20Information%20at%20Risk "Share on Reddit") [ ](mailto:?subject=American%20Airlines%20Suffers%20Employee%20Email%20Data%20Breach%2C%20Personal%20Information%20at%20Risk&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Famerican-airlines-suffers-employee-email-data-breach-personal-information-risk%2F "Share via Email") ![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2022/10/phishing-attack-prevention-7796.jpg) Airline giant, American Airlines released a [data breach](/phishing/data-breaches-how-they-impact-small-businesses) notification, informing about a data breach compromising the accounts of its employees. This article shares details of the data breach, the information that was leaked, how American Airlines is dealing with it, and what employees can do to protect themselves. tates’ major airlines, with its headquarters in Texas. American Airlines is the world’s largest airline, with over[$165.7 million](https://www.statista.com/topics/2425/american-airlines-group/#topicHeader%5F%5Fwrapper)passengers carried, a[$161.5 billion](https://www.statista.com/topics/2425/american-airlines-group/#topicHeader%5F%5Fwrapper)revenue, and over 1300 mainline aircraft . According to[Statista](https://www.statista.com/statistics/422354/number-of-employees-of-american-airlines-group/), American Airlines had 123,400 employees in 2021, meaning the threat actors could have accessed a significant number of employee email accounts in the data breach. \*\* \*\* ### What Is American Airlines Data Breach? American Airlines uncovered a [threat actor](/phishing-awareness/threat-actors-breach-reddit-and-access-internal-documents-code-and-business-systems) in July 2022\. The threat actor had compromised the email accounts of limited American Airlines employees. American Airlines secured the email accounts and promptly hired a third-party [cybersecurity](/) organization to define the **nature and scope of the data breach** via a full-scale forensic investigation. American Airlines says that the investigation supplied facts that the compromised email accounts included the personal information of its employees and further conducted an **eDiscovery exercise**. (An electronic discovery approach to gathering, investigating, and exchanging information as evidence.) The eDiscovery exercise affirmed the presence of confidential and personal info in compromised email accounts . Although no evidence pointed to the abuse of such personal information, American Airlines released a[data breach notification](https://www.documentcloud.org/documents/22419102-american%5Fairlines%5Fdata%5Fbraech%5Fnotification%5Fsep%5F16%5F22)underlining the incident, providing defensive measures for its employees, and urging them to opt for Experian’s credit monitoring. \*\* \*\* ![Phishing attack prevention](https://media.mailhop.org/phishprotection/images/2022/10/phishing-attack-prevention-7796.jpg) ### Information Leaked during the American Airlines Data Breach American Airlines also included the details of potential information that may have been involved or compromised during the data breach. The information includes Employee Name Date of Birth Email Address Phone Number Driver’s License Number Passport Number Medical Information Since the leaked information contains [PII (Personal Identifiable Information)](https://www.investopedia.com/terms/p/personally-identifiable-information-pii.asp) and PHI (Protected Health Information), even if the data breach compromised a handful of American Airlines employee accounts, the information that the threat actors have access to is significant and can be used for malicious purposes. The threat actors can potentially apply for lines of credit, commit income tax fraud, steal prescription drugs, target victims with healthcare fraud, and create fake insurance claims . The information can also be sold on the dark web or utilized for identity theft. \*\* \*\* ### How is American Airlines Dealing with the Data Breach? American Airlines highlighted in its data breach notification that the airline has started implementing **additional technical safeguards** to prevent data breaches in the future. The airline clarifies that there is no evidence to suggest the misuse of the leaked information and has offered its employees a two-year membership of Experian’s Identity Works. Experian’s Identity Works is an advanced product that provides **sophisticated identity detection** and resolution in identity theft cases. The Verge[says](https://www.theverge.com/2022/9/20/23363257/american-airlines-data-breach-disclosure-phishing)that in response to its question of the total time the threat actors had access to the employee email accounts, spokesperson Andrea Koos revealed the official statement. Andrea Koos is the Senior Manager for Corporate Communications at American Airlines. > Koos says, “American Airlines is aware of a phishing campaign that led to the unauthorized access to a limited number of team member mailboxes. A very small number of customers and employees’ personal information was contained in those email accounts.” Koos also highlighted once again that there is “**no evidence to suggest**” that any personal information of the airline’s employees was misused. The statement may be present in various sources and the data breach notification by the airline. However, the question arises why the airline was aware of a [phishing campaign](/phishing-awareness/phishing-campaign-spreading-evolved-icexloader-malware-exfiltrate-data) and did not take adequate protective measures for its employees. This is not the only recent case, as American Airlines also suffered when SITA’s servers were breached last year. \*\* \*\* ### SITA Server Data Breach Recap that Affected American Airlines SITA aero suffered a data breach in 2021 when confidential information of passengers was accessed. The threat actors breached the [PSS (Passenger Service System)](https://en.wikipedia.org/wiki/Passenger%5Fservice%5Fsystem) and had access to ticket reservations and boarding transactions. The data breach impacted over 2.1 million individuals , most of them belonging to Lufthansa’s Miles and More frequent fliers. SITA issued a[public statement](https://www.sita.aero/pressroom/news-releases/sita-statement-about-security-incident/)about the data breach, which harmed many airline giants such as _American Airlines, Air New Zealand, Singapore Airlines, Malaysia Airlines, and more_. \*\* \*\* ### What Can American Airlines Employees Do? American Airlines has recommended its employees to: Enroll in Experian’s Credit Monitoring. **Regularly review account statements** and free credit reports. Freeze the account in case of suspicious activity. Considering the data that is at risk, there is little that employees can do. Following Andrea Koos’ statement and the presence of the phishing campaign, it would be best for employees to learn more about phishing and undergo [phishing awareness programs](/content/phishing-awareness-training/phishing-awareness) to keep away from **malicious emails** and phishing links. \*\* \*\* ![Phishing prevention tips](https://media.mailhop.org/phishprotection/images/2022/10/phishing-prevention-tips-7795.jpg) ### What is Phishing, and How can American Airlines Employees Protect Against Phishing? [Phishing](/resources/what-is-phishing/) is a social engineering cyber crime that involves email communication to establish contact. These emails often contain [URLs (Uniform Resource Locators)](https://www.techtarget.com/searchnetworking/definition/URL#:~:text=A%20URL%20%28Uniform%20Resource%20Locator%29%20is%20a%20unique%20identifier%20used,where%20to%20retrieve%20a%20resource.) to protected files, fake websites, dropboxes, and malicious downloads that are designed to **harvest login credentials** and steal information. You can easily protect against phishing by: - **_Automated Tools:_**Automated tools to detect phishing emails and security software such as antivirus and firewalls. - **_Mobile Security:_**Keeping mobile devices up to date to detect malicious files and activity. - **_Implementing MFA:_**Using multi-factor authentication for additional security while logging into the email and other accounts. - **_Phishing Awareness:_**Looking out for giveaways of [phishing emails](/content/stop-phishing-emails/) such as: Unsolicited communication and phishing links. Grammatical errors in the text. Incorrect information as compared to authentic websites. **The urgency of email conversations** such as _payment of bills, tax invoices, cancellation of services, account updating, and similar ones._ ### Final Words Being one of the world’s largest airlines that handles nearly 7000 daily flights to over 350 destinations globally, the American Airlines data breach has showcased how the larger organizations are the target of [cybercriminals](/blog/cybercriminals-are-duping-millions-of-accounts-in-the-latest-facebook-phishing-campaign/) who are not wasting a single day wreaking havoc. The organization has not yet disclosed the number of employees impacted by the data breach and has not supplied the details of the breach, how the attack happened, or the details of the ongoing forensic investigation. Until the details are available to the public, employees should follow the above guidelines for [protection from phishing](/) and **continuously monitor their accounts** and financial statements for malicious activity. ## Topics [ Cybersecurity ](/tags/cybersecurity/)[ Phishing ](/tags/phishing/)[ Phishing Awareness ](/tags/phishing-awareness/) ![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Protect your inbox from phishing attacks Real-time email security with 60-day free trial. No credit card required. [Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) ## Related Articles [ Intermediate 5m BitRAT Malware Threat Actors Leveraging Stolen Columbian Cooperative Bank Data in Phishing Campaign Jan 18, 2023 ](/blog/bitrat-malware-threat-actors-leveraging-stolen-columbian-cooperative-bank-data-in-phishing-campaign/)[ Intermediate 5m Find Out About the Latest Case of Threat Actors Utilizing Phishing-as-a-Service to Steal $120,000 Feb 20, 2023 ](/blog/find-out-about-the-latest-case-of-threat-actors-utilizing-phishing-as-a-service-to-steal-120000/)[ Intermediate 5m GoDaddy Customers Beware: Hackers Have Been Stealing Source Code for Years Mar 6, 2023 ](/blog/godaddy-customers-beware-hackers-have-been-stealing-source-code-for-years/)[ Intermediate 5m The Latest Iran-aligned Hacker Phishing Campaign Targeting Middle Eastern Countries Jan 4, 2023 ](/blog/latest-iran-aligned-hacker-phishing-campaign-targeting-middle-eastern-countries/) ```json {"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json [{"@context":"https://schema.org","@type":"BlogPosting","headline":"American Airlines Suffers Employee Email Data Breach, Personal Information at Risk","description":"Airline giant, American Airlines released a data breach notification, informing about a data breach compromising the accounts of its employees.","url":"https://phishprotection.com/blog/american-airlines-suffers-employee-email-data-breach-personal-information-risk/","datePublished":"2022-10-04T08:22:06.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2022-10-04T08:22:06.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/american-airlines-suffers-employee-email-data-breach-personal-information-risk/"},"articleSection":"intermediate","keywords":"Cybersecurity, Phishing, Phishing Awareness","wordCount":1151,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2022/10/phishing-attack-prevention-7796.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"FAQPage","mainEntity":[{"@type":"Question","name":"What Is American Airlines Data Breach?","acceptedAnswer":{"@type":"Answer","text":"American Airlines uncovered a [threat actor](/phishing-awareness/threat-actors-breach-reddit-and-access-internal-documents-code-and-business-systems) in July 2022. The threat actor had compromised the email accounts of limited American Airlines employees. American Airlines secured the email accou..."}},{"@type":"Question","name":"How is American Airlines Dealing with the Data Breach?","acceptedAnswer":{"@type":"Answer","text":"American Airlines highlighted in its data breach notification that the airline has started implementing **additional technical safeguards** to prevent data breaches in the future. The airline clarifies that there is no evidence to suggest the misuse of the leaked information and has offered its e..."}},{"@type":"Question","name":"What Can American Airlines Employees Do?","acceptedAnswer":{"@type":"Answer","text":"American Airlines has recommended its employees to:"}},{"@type":"Question","name":"What is Phishing, and How can American Airlines Employees Protect Against Phishing?","acceptedAnswer":{"@type":"Answer","text":"[Phishing](/resources/what-is-phishing/) is a social engineering cyber crime that involves email communication to establish contact. These emails often contain [URLs (Uniform Resource Locators)](https://www.techtarget.com/searchnetworking/definition/URL#:~:text=A%20URL%20(Uniform%20Resource%20Loc..."}}]}] ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"American Airlines Suffers Employee Email Data Breach, Personal Information at Risk","item":"https://phishprotection.com/blog/american-airlines-suffers-employee-email-data-breach-personal-information-risk/"}]} ```