American Airlines data breach exposes personal customer information

Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.

American Airlines data breach overview:

• Who: American Airlines notified its customers of a recent data breach.
• Why: Hackers compromised an undisclosed number of employee email accounts to gain access to sensitive personal information. 
• Where: The American Airlines data breach impacts customers nationwide. 

American Airlines revealed it was hit by a July data breach that saw customers’ personal information exposed to hackers. 

On Sept. 16, the airline sent notifications to customers who may have been impacted by the attack. 

In it, American Airlines says that attackers entered an undisclosed number of employee email accounts and gained access to sensitive personal information.

The company has not yet revealed the number of affected customers and how many email accounts were breached in the incident. 

American Airlines is not currently facing legal action over the data breach, but Top Class Actions follows data breaches closely as they sometimes end in class action lawsuits.

American Airlines data breach may have exposed passport, medical info 

American Airlines discovered the breach on July 5, immediately secured the impacted email accounts and hired a cybersecurity forensic firm to investigate the security incident, it says. 

“In July 2022, we discovered that an unauthorized actor compromised the email accounts of a limited number of American Airlines team members,” the airline says in the customer letters. “Upon discovery of the incident, we secured the applicable email accounts and engaged a third party cybersecurity forensic firm to conduct a forensic investigation to determine the nature and the scope of the incident.”

American Airlines did not state why it informed customers about the breach several months later.

Personal information exposed in the American Airlines data breach and potentially accessed by the threat actors may have included employees’ and customers’ names, dates of birth, mailing addresses, phone numbers, email addresses, driver’s license numbers, passport numbers and medical information.

The airline says it will offer affected customers a free two-year membership to Experian’s IdentityWorks for help with identity theft detection and resolution.

“Although we have no evidence that your personal information has been misused, we recommend that you enroll in Experian’s credit monitoring,” American Airlines says. “In addition, you should remain vigilant, including by regularly reviewing your account statements and monitoring free credit reports.”

Meanwhile, in March, an Illinois federal judge dismissed class action claims filed against American Airlines by consumers who alleged their voices were unlawfully collected and stored after calling customer service.

Were you affected by the American Airlines data breach? Let us know about your experience in the comments! 

Read About More Class Action Lawsuits & Class Action Settlements:

• Data breach class action lawsuits accuse companies of not guarding consumer info
• ClearBalance data breach $2.65M class action settlement
• SN Servicing Corp. data breach $900K class action settlement
• PCS Revenue Control Systems data breach $1.135M class action settlement