The airline said Tuesday that it has indication that the attackers have misused any of the personal information.
American said the breach was discovered in July. The airline declined to say how precisely how many people had their personal information exposed or the nature of that information.
“American Airlines is aware of a phishing campaign that led to the unauthorized access to a limited number of team member mailboxes,” American spokesman Curtis Blessing said. “A very small number of customers and employees’ personal information was contained in those email accounts.
Blessing said American is putting in place “additional technical safeguards to prevent a similar incident from occurring in the future.”
American is based in Fort Worth, Texas.