Targets of the phishing attacks alerted American Airlines, which found unauthorized activity in the company’s Microsoft 365 environment and determined that multiple employees’ accounts were accessed, according to a New Hampshire regulatory filing.
Earlier in September, American Airlines began notifying employees and customers affected by the breach, which potentially exposed driver’s license and passport numbers, among other personal information.