
Cyber Incident Victim: American Airlines Group Inc.

Date: Jul 2022

Location: United States of America

Summary

American Airlines experienced a data breach when attackers compromised employee email accounts through a phishing campaign, leading to unauthorized access to customers' personal information. The company detected the incident, secured the affected accounts, and initiated an investigation with a cybersecurity firm, finding no evidence of data misuse. While the exact scale remains undisclosed, the airline characterized the number of impacted customers and employees as very small.


Description

American Airlines detected unauthorized access to employee email accounts on July 5, 2022, triggering an immediate security response. The company secured the compromised accounts upon discovery and engaged a cybersecurity forensic firm to investigate the breach's scope and origin. Investigators determined that attackers had gained access to sensitive personal information through a phishing campaign targeting employees. While the exact number of breached email accounts remained undisclosed, corporate communications confirmed the incident affected a "very small number" of both customers and employees. The compromised data included personally identifiable information, though American Airlines found no evidence of misuse during their investigation.

The airline formally notified impacted customers through letters dated September 16, 2022—over two months after breach detection—detailing the unauthorized access but withholding specific figures regarding affected individuals. Company spokesperson Andrea Koos acknowledged the phishing vector while declining to disclose quantitative details about victim counts or operational impacts. No systems beyond the compromised email accounts were confirmed as breached during the investigation. American Airlines maintained that containment measures were implemented immediately upon discovery, though the notification timeline raised questions about the duration required for forensic analysis. The incident marked another phishing-related security event in the aviation sector, with limited public disclosure about mitigation measures beyond account remediation.
