Both companies reported that a third-party vendor's systems were infiltrated on April 30. The airlines were made aware on May 3 and began sending letters to affected staff Friday. The data breach contained the"name and Social Security number, driver’s license number, passport number, date of birth, Airman Certificate number, and other government-issued identification number" of pilots and other staff. American reported 5,745 employees were affected, and Southwest reported 3,009.
Both companies maintained that their own systems were unaffected and uncompromised. Additionally, Southwest committed to no longer working with the third-party vendor. American Airlines would not confirm or deny that it will continue to employ the vendor in a statement to the Washington Examiner."At this time, we have no evidence to suggest that the affected information was targeted or misused for purposes of fraud or identity theft," the letter sent to Southwest employees read.
As reparation, American Airlines gave affected staff a two-year membership to Experian’s IdentityWorksSM Credit 3B, and Southwest offered the Equifax Complete Premier equivalent. The memberships can help restore the identities of those who may have their identity stolen in the future.