Hackers gained access to more than 8,000 Southwest Airlines and American Airlines pilot applicants’ personal information following a security breach on April 30.
During the breach, details such as names, passport and social security numbers, and pilot license numbers were stolen from a Texas-based recruitment support company, Pilot Credentials.
According to a filing with Maine’s Office of the Attorney General, approximately 5,745 pilot applicants at American and 3,009 at Southwest were affected.
While the breach occurred April 30, with airlines finding out about it on May 3, pilots were not notified until last week—nearly two months after the incident.
The Allied Pilots Association, which represents 15,000 American Airlines pilots, expressed its frustration with the airline’s lack of transparency, noting the breach affected some 2,200 of its members.
American said there was no evidence the information was used for fraudulent purposes and noted its own systems were not compromised during the breach at Pilot Credentials. The airline offered each affected applicant two years of coverage from a service designed to protect people from identity theft.
Since the hack, both airlines have cut ties with Pilot Credentials and have started processing applications through their own websites and internal portals rather than using a third-party vendor. Southwest issued a statement that noted it is”no longer utilizing the vendor, and, moving forward, pilot applicants are being directed to an internal portal managed by Southwest.”
Both carriers are working with authorities on the matter.