AA and SWA pilot app data breach

BobDDuck

BobDDuck

Island Bus Driver
Looks like the 3rd party company American and Southwest were using for pilot applications had a data breach and over 8000 users had all of their personnel information exposed.

Oops! I'm sure 2 years of free credit monitoring will make everything all better.

www.bleepingcomputer.com

American Airlines, Southwest Airlines disclose data breaches affecting pilots

American Airlines and Southwest Airlines, two of the largest airlines in the world, disclosed data breaches on Friday caused by the hack of Pilot Credentials, a third-party vendor that manages multiple airlines' pilot applications and recruitment portals.
www.bleepingcomputer.com www.bleepingcomputer.com
 
Isn’t Southwest moving to their own internal process, kind of like United, instead of pilot Credentials?

That’s what they keep telling me in their hiring emails they like to spam me with anyhow
 
BobDDuck said:
Looks like the 3rd party company American and Southwest were using for pilot applications had a data breach and over 8000 users had all of their personnel information exposed.

Oops! I'm sure 2 years of free credit monitoring will make everything all better.

www.bleepingcomputer.com

American Airlines, Southwest Airlines disclose data breaches affecting pilots

American Airlines and Southwest Airlines, two of the largest airlines in the world, disclosed data breaches on Friday caused by the hack of Pilot Credentials, a third-party vendor that manages multiple airlines' pilot applications and recruitment portals.
www.bleepingcomputer.com www.bleepingcomputer.com
Click to expand...

God, this is irritating. PilotCredentials' user experience is already really difficult with browser issues and less-than-responsive technical support. Last month, both the AA recruiting and SWA recruiting indicated that they were moving away from PC...but SWA hasn't yet, and from what I can tell casually, AA either mirrored PC under a new domain (if that's the right term, it may not be) or just decided to copy 99% of what PC was doing on their own.

There has been a lot of uncertainty about whether or not the current systems for either company were actually working, because there's a complete lack of confirmation from the systems when the application is complete.
 
Richman said:
For an industry, especially AMR, who has been doing IT since IT became a thing, you would figure they would do it better.
Click to expand...
You mean I can't still use this?
 

Attachments

  • IMG_20230624_1359364.jpg
    IMG_20230624_1359364.jpg
    1.4 MB · Views: 38
Richman said:
For an industry, especially AMR, who has been doing IT since IT became a thing, you would figure they would do it better.
Click to expand...
The problem is they’ve barely advanced since IT became a thing. AA IT is amazingly stupid. We have some really neat tools and ideas but I’ll be damned if it’s nothing more than a fresh coat of paint on a 50 year old system. Couple that with how convoluted damn near everything is at AA and you have a super storm of insanity.
 
poser765 said:
The problem is they’ve barely advanced since IT became a thing. AA IT is amazingly stupid. We have some really neat tools and ideas but I’ll be damned if it’s nothing more than a fresh coat of paint on a 50 year old system. Couple that with how convoluted damn near everything is at AA and you have a super storm of insanity.
Click to expand...
I mean I can program in COBOL
 

Attachments

  • COBOL_Report_Apr60.djvu.jpg
    COBOL_Report_Apr60.djvu.jpg
    138.3 KB · Views: 27
BobDDuck said:
Looks like the 3rd party company American and Southwest were using for pilot applications had a data breach and over 8000 users had all of their personnel information exposed.
Click to expand...
I'm Shocked! ... ... ... Shocked!!

ahw01 said:
I mean I can program in COBOL
Click to expand...
Ironically, COBOL and FORTRAN are likely the greatest contributor to the security of most bank and airline systems. The code kiddy "hackers" have never seen it and have no idea what to do with it. Also, it's extremely unlikely that they can surf over to incompetenthackerdollarstore.com and purchase the malware bites they might otherwise be able to exploit. Security by Obscurity.

I'm not saying that's a good thing. But it IS at thing. As messed up as that situation is on many levels, it's one of the few instances in which NOT knowing one's origin and history actually benefits society.
 
Last edited:
poser765 said:
The problem is they’ve barely advanced since IT became a thing. AA IT is amazingly stupid. We have some really neat tools and ideas but I’ll be damned if it’s nothing more than a fresh coat of paint on a 50 year old system. Couple that with how convoluted damn near everything is at AA and you have a super storm of insanity.
Click to expand...
While I get that things often feel like that, it's not always that easy.

Tell that to the guys who designed the 737 or the DC3. A central tenant of engineering risk tolerance is "If it ain't broke, don't fix it."

New is not necessarily better. Not at all. What we do know about new is that it is, sometimes, actually new.

In any case, adding more energy to any kind of storm is a sure way to make that storm WORSE.
 
Last edited:
Richman said:
For an industry, especially AMR, who has been doing IT since IT became a thing, you would figure they would do it better.
Click to expand...

The older systems are laughably slapshod and those managing them are either clueless or beaten down for outrageously suggesting that the department does the right thing to prevent total system collapse and just biding their time until retirement.
 
form810 said:
While I get that things often feel like that, it's not always that easy.

Tell that to the guys who designed the 737 or the DC3. A central tenant of engineering risk tolerance is "If it ain't broke, don't fix it."

New is not necessarily better. Not at all. What we do know about new is that it is, sometimes, actually new.

In any case, adding more energy to any kind of storm is a sure way to make that storm WORSE.
Click to expand...
And sometimes ignoring the storm is problematic also.
 
JordanD said:
At this point I wonder where my data hasn't been stolen from.
Click to expand...

Yup, assume it’s out there.

Credit locks
Multi-factor authentication
Crazy passwords and don’t reuse them.
Always lie with the questions like “What is your mothers maiden name” “Mbasa!” because it takes 30 seconds trawling social media to find that.
 
You must log in or register to reply here.
Back
Top