Southwest and American airlines recently discovered that a third-party platform they used to recruit new pilots was hit by a cyber attack earlier this year.

Pilot–to–Pilot Credentials: request for permission to protect user data

In order to streamline pilot job applications, various airlines partner with a software company called Pilot Credentials to provide them with a “pilot recruitment portal.” It is believed that the Pilot Credentials’ computer systems were compromised on April 30, 2023, leading to the exposure of portal-users’ private information. The attack was detected a few days later, and American and Southwest have since informed those potentially affected.

According to Cybersecurity Dive, the attackers “stole documents, including specialized credentials and government-issued IDs for 5,745 applicants with American and 3,009 applicants with Southwest.” While they only breached Pilot Credentials’ systems, it is unclear if data from any other partner airlines was accessed.

Ensuring a safer future

Following the incident, Southwest and American have severed ties with Pilot Credentials, and will now be using internal portals for all incoming pilot applications. They also shared that so far “no evidence… suggest[s] the candidates’ information [has been] targeted or misused.”

As attacks on critical national infrastructure organizations appear to be on the rise, with both American and Southwest having experienced breaches within the past year, experts are urging governments and private companies to remain vigilant in the fight against cybercrime.