American Airlines pilot union hit by ransomware attack

Allied Pilots Association (APA), a labor union representing 15,000 American Airlines pilots, disclosed a ransomware attack that hit its systems on Monday.

The APA union was founded in 1963 and is currently the largest independent pilots' trade union in the world.

"On October 30, we experienced a cybersecurity incident. Upon discovery of the incident, we immediately took steps to secure our network. Our IT team, with the support of outside experts, continues to work nonstop to restore our systems," the union said in a statement spotted by Emsisoft threat analyst Brett Callow.

"While the investigation is ongoing, we can share that we have determined the incident was due to ransomware and that certain systems were encrypted."

APA said that its IT team and outside experts are working on restoring systems impacted by the ransomware attack from backups, with an initial focus on first bringing back pilot-facing products and tools in the hours and days ahead.

The union has launched an investigation led by third-party cybersecurity experts to assess the full extent of the incident and its impact on data stored on compromised systems.

The APA has not yet shared whether pilots' personal information was compromised in the attack or the exact number of individuals affected.

Gregg Overman, the union's communications director, told BleepingComputer that the organization couldn't provide further details beyond what had been disclosed when asked to link the incident to a ransomware operation.

​American Airlines pilots were also informed about a data breach impacting their personal information in June after the April hack of Pilot Credentials, a third-party provider that manages multiple airlines' pilot applications and recruitment portals.

In breach notifications sent to affected individuals, American Airlines said the attackers gained access to sensitive information belonging to 5745 pilots and applicants,

Information exposed in the April third-party breach includes names and Social Security numbers, driver's license numbers, passport numbers, dates of birth, Airman Certificate numbers, and other government-issued identification numbers.

In September 2022, American Airlines revealed a data breach that affected more than 1,708 customers and employees after several employee email accounts were compromised in a July 2022 phishing attack.

One year earlier, in March 2021, the airline disclosed another data breach after hackers the Passenger Service System (PSS) used by multiple airlines and operated by global air information tech giant SITA.