American Airlines and Southwest Airlines, two of the world’s largest airlines, on Friday disclosed data breaches caused by the hack of Pilot Credentials, a third-party provider that runs pilot applications and recruitment portals for several airlines.

Both airlines were made aware of the Pilot Credentials incident on May 3, which was limited to the third-party vendor’s systems only, with no compromise or impact to the airlines’ own networks or systems.

An unauthorized person gained access to Pilot Credentials systems on April 30 and stole documents containing information provided by some applicants as part of the pilot and cadet hiring process.

According infringe notifications filed Friday with the Maine attorney general’s office, American Airlines said the data breach affected 5745 pilots and candidateswhile Southwest reported a total of 3009.

“Our investigation determined that the data in question contained some of your personal information, such as your name and social security number, driver’s license number, passport number, date of birth, aviator and other government-issued identification numbers,” American Airlines revealed.

Although no evidence was found that pilots’ personal information was specifically targeted or used for fraud or identity theft, airlines will now direct all pilot candidates and cadets to internal portals self-managed.

“We are no longer using the provider and, going forward, pilot candidates are directed to an internal portal operated by Southwest,” Southwest Airlines said.

American Airlines and Southwest Airlines have also notified law enforcement authorities of the violations and are fully cooperating with their ongoing investigation of the matter.

American Airlines hit by other violations in recent years

Disclosures come after American Airlines disclosure another data breach in September 2022 which affected more than 1,708 American Airlines customers and team members following a phishing attack in July 2022 that led to the compromise of a number of employee email accounts.

As disclosed at the time, personal information exposed in the July 2022 breach may have included names, dates of birth, mailing addresses, phone numbers, email addresses, driver’s license numbers , passport numbers and/or certain medical information of employees and customers. .

A subsequent investigation also indicated that the attackers used the employees’ compromised accounts to send more phishing emails.

American Airlines was also hit by a data breach in March 2021 after the global airline information technology giant SITA revealed that hackers hacked into its servers and accessed the Passenger Service System (PSS) used by several airlines around the world.

American Airlines is the world’s largest airline by fleet size (with more than 1,300 aircraft on its mainline), operates nearly 6,700 flights daily to approximately 350 destinations in more than 50 countries, and has more than 120,000 employees.

Southwest Airlines is the world’s largest low-cost carrier, has nearly 70,000 employees and operates from more than 121 airports in 11 countries.