Cyber Incident Victim: Virgin America
Date: Mar 2017
Location: United States of America
Summary
A hacker breached Virgin America's corporate network, compromising login credentials for over 3,000 employees and contractors, while approximately 110 individuals had sensitive personal information—including government IDs, Social Security numbers, and health-related data—exfiltrated. The intrusion triggered mandatory password resets for affected personnel, engagement of external cybersecurity experts, and law enforcement notification. No customer data was impacted, and the incident was unrelated to a separate breach involving a third-party reservation system provider. The airline, which had recently undergone an acquisition, confirmed mitigation of unauthorized access but did not disclose the attacker's entry method despite existing security measures like two-factor authentication on corporate accounts.
Description
On March 13, 2017, an unauthorized individual breached Virgin America's corporate network, accessing information systems containing employee data. The airline confirmed the intrusion in a July 27, 2017 letter to staff, disclosing that the hacker had compromised login credentials and passwords used by personnel to access corporate resources. Forensic analysis determined that 3,120 employees and contractors had their network authentication details exposed. A subset of 110 employees suffered additional compromise of sensitive personal information, including home addresses, Social Security numbers, government-issued identification documents such as driver's licenses, and health-related records. Virgin America's security team detected the unauthorized activity and terminated the attacker's access, though the initial intrusion vector remained unidentified. The company mandated immediate password resets for all affected personnel following containment.

Virgin America engaged an undisclosed cybersecurity firm to investigate the breach and notified law enforcement authorities. The compromised systems did not contain customer data for either Virgin America or Alaska Airlines, which had acquired Virgin for $2.6 billion in 2016. Corporate email systems hosted through Google with mandatory two-factor authentication remained unaffected, suggesting the attacker did not exploit credential reuse from external breaches. The incident occurred independently of a separate breach at Sabre Corporation, Virgin America's reservations software provider, which impacted numerous other airlines and hospitality companies. No operational systems or flight safety infrastructure were compromised during the intrusion. Virgin America maintained operations under its existing branding until the brand's planned retirement in 2018 following the Alaska Air merger.
