American Airlines phishing attack involved unauthorized access to Microsoft 365 – Cybersecurity Dive

American Airlines phishing attack involved unauthorized access to Microsoft 365 – Cybersecurity Dive

American Airlines phishing attack involved unauthorized access to Microsoft 365 – Cybersecurity Dive 0 0 Alan Dickson

The airline has begun disclosing additional details to state regulators, confirming more than 1,700 people were impacted.
Unauthorized access of American Airlines’ Microsoft 365 environment identified July 5 was the result of a successful phishing email sent to an employee’s account, lawyers for the airline disclosed in a letter to New Hampshire’s Attorney General’s office. 
An investigation by the American Cyber Security Response Team showed the unauthorized actor used an IMAP protocol to access employee mailboxes. The actor may have also previewed files on an employee SharePoint site.
In total,1,708 people were impacted by the breach, which occurred between July 3-7, according to a filing with the Maine Attorney General’s office. The information accessed by the actor included names, addresses, driver’s license numbers, passport information and other personally identifiable information.
The airline previously confirmed the attack, which was identified July 5, and said it hired an outside forensic cybersecurity firm to help investigate the incident. 
The company, which also owns Envoy Air and Piedmont Airlines, said there was no indication any of the PII was misused. American discovered the PII in the mailboxes on August 16, after the internal investigation had begun.
American said it took considerable time to confirm individual identities, which required searching internal HR records and working with Experian to help identify specific individuals. 
A spokesperson for American said previously the airline was taking certain technical measures to make sure such an incident did not occur in the future.
Get the free daily newsletter read by industry experts
Tenure matters, but not as you might suspect. Median total cash compensation dropped for CISOs in their roles at least five years, Heidrick & Struggles found. 
Security executives from Zoom, NS1 and Oomnitza shared their security priorities for the rest of 2022, with a special emphasis on mastering the basics. 
Subscribe to Cybersecurity Dive for top news, trends & analysis
Get the free daily newsletter read by industry experts
Want to share a company announcement with your peers?
Get started
Tenure matters, but not as you might suspect. Median total cash compensation dropped for CISOs in their roles at least five years, Heidrick & Struggles found. 
Security executives from Zoom, NS1 and Oomnitza shared their security priorities for the rest of 2022, with a special emphasis on mastering the basics. 
The free newsletter covering the top industry headlines

source

    Would you like to receive notifications on latest updates? No Yes