Personal data of 3,000 US Airways pilots leaked by insider?

A data breach that goes back to October 2009 has recently been brought to light by the US Airline Pilots Association (USAPA), which admitted that it has been working for months now with the FBI in order to discover who accessed and leaked personal information of around 3,000 US Airways pilots.

According to Dark Reading, the airline has revealed that a disgruntled former employee – a management-level pilot – is responsible for handing over the information to Leonidas, a group that represents former America West pilots which have continued to work for US Airways after the two companies merged in 2005.

The breach was the result of a long-standing labor dispute between Leonidas and the USAPA, which mostly represents pilots who work for US Airways since before the merger.

It seems that Leonidas was seeking only the addresses of the pilots from US Airways in order to distribute a letter to them. What it received from the insider was an Excel spreadsheet containing names, addresses, Social Security numbers, and possibly even passport information of the pilots.

USAPA is very dissatisfied with the way the airline is handling the breach. US Airways has offered the affected pilots a free one-year subscription to a identity theft watch service.

“The union is also extremely disappointed by the Company’s lack of aggressive action to address this issue, first denying that a significant breach had even occurred, then equivocating concerning the extent of that breach, all the while taking no remedial action against the Company personnel involved in the breach,” said USAPA’s president Mike Cleary. “Significantly, the Company has also failed to take steps to provide lifelong protection to the pilots directly affected and adequately address the potential national security issues for all of our pilots and passengers.”

He also consider ludicrous US Airways’ claims that it has received assurances from the parties that obtained the information that it will not be abused. “It’s analogous to a bank robber promising he will not spend the stolen loot. We are demanding swift and aggressive action as we simultaneously take significant steps to hold both US Airways and the specific responsible parties liable for the damage caused,” he said.

OPIS

Subscribe to the Help Net Security breaking news e-mail alerts:

OPIS

Don't miss