Virgin America Hacked, Employee Passwords and Personal Information Compromised

Share this…

Airline confirms hack that took place on March 13. Virgin America has confirmed in a letter sent to employees that its network was compromised by hackers, with data belonging to thousands of workers compromised and possibly stolen by the attackers.

While an investigation is already under way, the airline did not provide any specifics about the hackers, saying instead that it’s working with law enforcement on determining how the breach took place.

“On March 13, 2017, during security monitoring activities, our data secure team identified potential unauthorized access to certain Virgin America computer systems. We immediately took steps to respond to the incident, including initiating our incident response protocol and taking measures to mitigate the impact to affected individuals,” the company explained in the letter.

“We retained cybersecurity forensic experts to investigate the incident and reported the matter to law enforcement. Nevertheless, it appears that a third-party may have accessed information about certain Virgin America employees and contractors without authorization.”

Alaska Air not affected

The company says that some login information and passwords might have been compromised, and instructed employees and contractors to reset their passwords.

While Virgin America hasn’t said how many employees were affected, a company spokesperson told ZDNet that 3,120 employees and contractors were impacted by the breach, with usernames and passwords stolen. Another 110 employees may have had personal details stolen, and these include names and addresses, Social Security numbers, and driving license data.

Even though credit card information wasn’t compromised, Virgin recommends employees to regularly check bank and card statement and credit reports for unauthorized activity.

The company says that only its own network was compromised, with no impact on its new owner whatsoever. Virgin America was purchased by Alaska Air for $2.6 billion in 2016, and although the breach happened after the takeover was complete, the new owner was not impacted.

Also, Virgin America emphasized that no customer data was impacted, with employees reportedly the only ones targeted by the attack.