Virgin America says a hacker broke into its network, forced staff to change passwords

(Image: file photo)

A hacker broke into Virgin America's corporate network earlier this year, the company has confirmed.

The airline said in a letter to employees, published Thursday, that the hacker had "gained unauthorized access to certain Virgin America information systems containing your data."

The breach happened on March 13, days before the airline was formally acquired by Alaska Air for $2.6 billion. The airline, founded by Richard Branson in 2004, will retire its branding by next year.

The hacker "gained access to... login information and passwords" that employees use to access Virgin America's corporate network.

A spokesperson confirmed that 3,120 employees and contractors had their login information compromised, while 110 additional employees may have had personal information stolen, such as addresses, social security numbers, details of government-issued IDs (such as driving licenses), and health-related information.

But it's not known how the hacker gained access to Virgin America's network.

A person who used to work for the airline told ZDNet that the company hosted its email with Google and requires employees to use two-factor authentication, which suggests that the hacker likely did not use usernames and passwords that might have been stolen or exposed from another breach. The use of two-factor authentication on the network would also prevent the hacker from using credentials from an account with higher privileges, such as system administrators, to access further systems and databases.

The company's security team said in the letter that it identified the unauthorized access, and mitigated the hacker's access.

Employees and contractors were forced to change their passwords. The airline also said it consulted an unnamed cybersecurity firm and informed law enforcement of the breach.

"Customer data for Virgin America and Alaska Airlines was not impacted," a spokesperson said.

The breach isn't thought to be related to a recent breach of Sabre systems, a reservation software company that revealed it had been attacked earlier this year.

The company's software is used by hundreds of airlines, including Virgin America, and thousands of hotels to manage passenger and guest reservations, revenue management, and human resources. Several major companies -- including Google, Hard Rock Hotels, Loews, and some Trump properties -- have revealed that they had data stolen as a result of the Sabre breach.

"We have implemented additional security policies, procedures and tools to enhance our security program, and will continue to evaluate additional security enhancements going forward," the spokesperson said.

Contact me securely

Zack Whittaker can be reached securely on Signal and WhatsApp at 646-755–8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.



from Latest Topic for ZDNet in... http://ift.tt/2h6AWsP