Envoy Air, a wholly owned subsidiary of American Airlines Group, has confirmed it suffered a data breach in February 2024 after a threat actor compromised an Oracle business intelligence application. The airline has stated that the security incident did not cause any operational impact.
American Airlines also clarified that customer-facing systems and sensitive customer data were not part of this incident. The company is actively investigating the root cause of the breach and is taking measures to address the situation.
Details of the Data Theft
A threat actor contacted the news outlet BleepingComputer, claiming responsibility for the attack. The actor asserted that they stole 1.7 terabytes of data, including information pertaining to American Airlines and its employees. To substantiate their claims, they provided a 1 GB data sample.
An analysis of the sample data confirmed it contained the personally identifiable information (PII) of American Airlines employees. The exposed employee PII included full names, email addresses, phone numbers, dates of birth, residential addresses, and pilot numbers.
American Airlines’ Official Response
In a statement, American Airlines confirmed the breach specifically impacted its subsidiary, Envoy Air. The company reiterated that its investigation is ongoing and that the incident was contained, with no operational disruptions reported. The airline did not provide further details on the specific nature of the Oracle application that was breached or the number of employees affected.