American Airlines Inc on Tuesday confirmed a data breach and said while an "unauthorized actor" gained access to personal information of a small number of customers and employees through a phishing campaign, there was no evidence of data misuse.
Shares of the carrier, the latest U.S. company to suffer a cyber attack, fell 2.6% in afternoon trade. Recently, Uber Technologies Inc and Take-Two Interactive Software Inc also disclosed similar breaches, leaving investors and customers worried about data security.
"We are also currently implementing additional technical safeguards to prevent a similar incident from occurring in the future," the airline said on Tuesday.
It discovered the breach in July and engaged a third party cybersecurity forensic firm to conduct an investigation to determine the nature and the scope of the incident, according to a Sept. 16 consumer notification letter.
American Airlines has notified customers that personal information such as address, phone number, driver's license number, passport number and/or certain medical information may have been accessed by the hacker, the letter showed.
"We regret that this incident occurred and take the security of your personal information very seriously," Chief Privacy and Data Protection Officer Russell Hubbard said in the letter.