Cyber Incident Victim: American Airlines Group Inc.
Date:
Aug 2015
Location:
United States of America
Summary
A China-linked hacking group breached systems at American Airlines and Sabre, a major travel reservation processor serving hundreds of airlines and hotels. The attackers, previously implicated in compromising U.S. health insurers and stealing military personnel records, infiltrated critical infrastructure supporting the nation's air-travel operations. Sabre confirmed unauthorized access to its networks, while the airline investigated potential computer intrusions. The incident targeted sensitive reservation databases and operational systems central to aviation logistics.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In August 2015, American Airlines Group Inc. and Sabre Corp. were identified as targets of a cyberattack linked to a China-affiliated hacking group. The attackers, previously associated with breaches at major U.S. health insurers and theft of personnel records from military and intelligence agencies, infiltrated critical components of the national air-travel infrastructure. Sabre Corp., a central reservations system provider serving hundreds of airlines and thousands of hotels, confirmed a recent compromise of its systems. American Airlines, the world’s largest carrier at the time, simultaneously disclosed it was investigating potential unauthorized access to its internal computer networks. The incidents represented an escalation in the group’s targeting of transportation sector entities following prior intrusions into healthcare and government systems.
Investigations into the breaches remained ongoing at the time of public disclosure, with neither company specifying the exact timeline of the intrusions or the full scope of compromised data. Sabre’s confirmation indicated operational systems supporting airline bookings and hotel reservations were affected, though technical details about attacker methodologies weren’t released. American Airlines did not confirm data exfiltration but acknowledged examining potential hacker access points across its infrastructure. The incidents underscored vulnerabilities in interconnected travel industry systems, with Sabre’s central role in global reservations amplifying potential ripple effects. No customer data disclosures or flight operation disruptions were reported by either entity in immediate aftermath statements.