Cyber Incident Victim: Alaska Airlines
Date: Mar 2017
Location: United States of America
Summary
A hacker breached Virgin America's corporate network, compromising login credentials for over 3,000 employees and contractors while potentially accessing personal information—including government IDs, Social Security numbers, and health data—for approximately 110 individuals. The unauthorized access prompted forced password resets across the organization, with the company engaging a cybersecurity firm and notifying law enforcement. No customer data was affected, and the incident was unrelated to a separate breach involving a reservation software provider used by the airline. Security measures like two-factor authentication were reportedly in place at the time of the intrusion.
Description
On March 13, 2017, an unauthorized actor breached Virgin America's corporate network, accessing information systems containing employee and contractor data. The airline confirmed the intrusion in a July 27, 2017 letter to staff, disclosing that the attacker compromised login credentials and passwords used to access corporate resources. The breach affected 3,120 employees and contractors whose network authentication details were exposed. A subset of 110 employees suffered additional compromise of sensitive personal information, including addresses, Social Security numbers, government-issued identification details (such as driver's licenses), and health-related data. Virgin America's security team detected the unauthorized access and implemented measures to terminate the attacker's network presence. The company mandated immediate password resets for all affected personnel as part of containment efforts. While the breach notification occurred months after the incident, Virgin America emphasized there was no impact to customer data for either Virgin America or Alaska Airlines.

The company engaged an unspecified cybersecurity firm for forensic analysis and reported the incident to law enforcement authorities. Investigators could not determine the initial attack vector. Security controls in place at the time included Google-hosted corporate email and enforced two-factor authentication, which likely prevented broader system access through stolen credentials. The breach occurred after Alaska Air's $2.6 billion acquisition of Virgin America in 2016, during the transition period before Virgin America's planned brand retirement in 2018. Virgin America explicitly differentiated this incident from a separate breach at Sabre Corporation, their reservation software provider, which had compromised numerous airlines and hotels through its systems. No operational disruptions to flight systems or customer-facing platforms resulted from the intrusion, with impacts confined to internal employee data exposure and credential compromise requiring administrative remediation.
