Virgin America has confirmed that third parties may have gained unauthorised access to information about the company’s employees and contractors earlier this year.
Virgin America detected the breach in March and immediately consulted cyber security forensics experts to mitigate its impact.
The airline, which was recently acquired by Alaska Air, also confirmed that hackers may have gained access to login information and passwords of people who use such credentials to log in to its corporate network. All affected employees and contractors were asked to change their passwords after the breach was discovered.
The airline also hired cyber security experts to investigate the breach, informed law enforcement and took immediate steps to mitigate the impact of the data breach. It has also asked affected users to regularly check credit card and bank accounts for fraud and rotate login passwords regularly.
According to Nir Polak, CEO at Exabeam, hackers may have taken advantage of ‘the chaos of post-merger integration’ as Virgin America was acquired by Alaska Air for $2.6 billion last year. He says that buyers often do not know the IT systems and users in the companies that they acquire, and hackers use this lack of information to infiltrate corporate networks.
‘In the initial phase after the breach has been discovered, the focus should be on completeness of remediation; in other words, fully kicking the hacker out of the network. This is harder than you might think because organisations often do not know the full extent of the hacker’s reach,’ Polak said.
According to Virgin America, the data breach affected 3,120 employees and contractors directly but hackers may have accessed personal details of another 110 employees like government ID numbers, social security numbers, addresses and health records. However, no customer data was impacted by the breach.
Virgin America has also warned employees, contractors, and customers that hackers may target them with phishing attacks in the coming days. ‘You should be alert to email ‘phishing’ attacks by someone who acts like a colleague or friend and requests sensitive information over email, such as passwords, Social Security numbers, or bank account numbers,’ it said.
Back in May, a group of hackers used the Emirates Airlines logo in phishing e-mails sent out to a number of unsuspecting users, asking them to participate in surveys and win free tickets in return. Through these emails, the hackers asked users to click on malicious links to participate in a survey. Once users clicked on such links, hackers could gain access to their devices as well as to other sensitive details like credit card information.