Microsoft 365 Email Hack Led to American Airlines Breach

Airline Says July Phishing Incident Exposed Personal Information of 1,700 People
Microsoft 365 Email Hack Led to American Airlines Breach

American Airlines says unauthorized access to its email system is behind a July breach of personal information affecting 1,708 people.

See Also: On Thin ICES: Augmenting Microsoft 365 with Integrated Cloud and Email Security

While the airline says the risk to victims is "remote," the carrier has notified affected individuals and offered them two years of credit and identity protection services.

American said in a statement to the Maine attorney general that it is reviewing its security measures and internal controls. "American is currently implementing additional safeguards to prevent a similar incident from occurring in the future."

The breach was discovered by the airline on July 5 after individuals reported receiving phishing emails from an American employee's account and unauthorized activity was detected in the company's Microsoft 365 environment.

A subsequent investigation detailed to the New Hampshire attorney general found the threat actor was able to sync with the email inboxes of at least one airline employee via the IMAP email protocol. The actor sent out phishing emails from the employee's account and snooped into files on an employee SharePoint site.

Information the threat actor had access to may have included names, Social Security numbers, employee numbers, dates of birth, mailing addresses, phone numbers, email addresses, driver's license numbers and passport numbers. Only a small number of documents contained personal information, according to the airline, "and it would have taken the unauthorized actor significant time and resources to locate the personal information in the mailboxes."

American Airlines began notifying those affected on Sept. 16 and is offering them a two-year membership of Experian's ldentityWorks service, which includes a free credit report, triple bureau credit monitoring, identity restoration and up to $1 million in identity theft insurance.


About the Author

Cal Harrison

Cal Harrison

Editorial Director, ISMG

Harrison helps ISMG readers gain new perspectives on the latest cybersecurity trends, research and emerging insights. A 30-year veteran writer and editor, he has served as an award-winning print and online journalist, mass communication professor and senior digital content strategist for DXC Technology, where he led thought leadership, case studies and the Threat Intelligence Report for the Fortune 500 firm's global security, cloud and IT infrastructure practices.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.