Virgin America Forces Its Employees to Change Passwords After a Hacker Broke into Its Networks
Virgin America said in a letter to employees published today that a hacker had gained unauthorized access to "certain Virgin America information systems containing your data." The breach reportedly occurred earlier this year, on March 13. The hacker(s) gained access to employees' login information including their passwords to access the airline's corporate network.
This attack apparently happened a little after Alaska Air acquired Virgin America for $2.6 billion last year. The company is expected to let go of its branding by next year.
Over 3,100 employees and contractors are affected by this hack and another 110 employees may also have their personal information stolen. This data includes their home addresses, social security numbers, government-issued IDs including driver's license, and health-related information.
"Customer data for Virgin America and Alaska Airlines was not impacted," Virgin American spokesperson.
Another hack thanks to last year's massive data leaks?
Unlikely. According to sources who spoke to ZDNet, the company requires its employees to use two-factor authentication, hosting its email with Google. It is unlikely that the hackers used any of the leaked databases from last year's massive data leaks and used that information to gain access to the company's corporate network.
The latest Virgin America breach is also
reportedly not connected with the Sabre Corps data breach that had affected a number of companies using Sabre's travel and hotel reservation and human resources software. Disclosed earlier this year, several companies including Google and Hard Rock Hotels saw their employee data stolen as a result of the Sabre network breach. While Virgin America is a Sabre customer, there are no reports of the March Virgin America hack being linked to the Sabre breach.
The airline wrote in the letter that it had identified the unauthorized access and mitigated its effects on affected individuals. Virgin America also forced its employees and contractors to change their passwords. Law enforcement agencies and an unnamed cybersecurity firm is currently working on the case.