Cyber Security Threat Summary:
American Airlines and Southwest Airlines, two of the largest airlines in the world, recently experienced data breaches caused by the hack of a third-party vendor called Pilot Credentials. The breach occurred on April 30, and both airlines were informed on May 3. The unauthorized individual gained access to Pilot Credentials' systems and stole documents containing information provided by pilot and cadet applicants. American Airlines reported that the breach affected 5,745 pilots and applicants, while Southwest reported a total of 3,009. The stolen information included personal details such as names, Social Security numbers, driver's license numbers, passport numbers, and more. Both airlines have terminated their relationship with the vendor and are directing applicants to self-managed internal portals. They have also notified law enforcement and are cooperating with investigations.

Security Officer Comments:
It is concerning that American Airlines has experienced multiple data breaches in recent years, suggesting potential weaknesses in their cybersecurity practices. The phishing attack in July 2022 and the breach through SITA's servers in March 2021 demonstrate the need for robust security measures to protect customer and employee data. These data breaches highlight the vulnerability of third-party vendors and the potential risks associated with outsourcing critical services. The fact that both airlines' networks and systems were not compromised is a positive aspect, indicating that the breach was contained to the third-party vendor's systems. However, the theft of personal information can still have serious consequences for affected individuals. The stolen data includes sensitive details that could be used for identity theft or other fraudulent activities.

Suggested Correction(s):
Third-party risk assessments are essential evaluations conducted by organizations to assess and mitigate potential risks associated with engaging external vendors or partners. These assessments help identify vulnerabilities in the security practices of third parties, ensuring that they have adequate measures in place to protect sensitive data and comply with regulations. By conducting these assessments, organizations can proactively mitigate risks, maintain compliance, protect their reputation, and enhance their overall security posture. Overall, third-party risk assessments play a crucial role in managing the inherent risks associated with third-party relationships and safeguarding organizational assets.

Link(s):
https://www.bleepingcomputer.com/