The Irving, Texas-based airline, which operates over 160 aircraft on approximately 875 daily flights, said it is actively investigating the incident and has contacted law enforcement authorities. “We have conducted a thorough review of the data at issue and have confirmed no sensitive or customer data was affected,” a company spokesperson said in an email. “A limited amount of business information and commercial contact details may have been compromised.”
The hack appears to be part of a campaign by the cybercriminal group known as CL0P, which has previously carried out wide-ranging compromises targeting third-party software and service providers. CL0P listed American Airlines as a victim on its website late Thursday, although the exact timing of the Envoy Air attack remains unclear. The group did not respond to requests for comment.
Envoy Air is the second entity to publicly confirm a breach tied to this Oracle E-Business Suite campaign. Earlier this month, cybersecurity experts at Google indicated that “mass amounts of customer data” were stolen in a similar operation that may have begun up to three months ago. Harvard University also confirmed it was targeted in a related attack earlier this week, according to cybersecurity news outlet The Record.
American Airlines referred inquiries about the incident to its regional subsidiary, Envoy Air. The airline has emphasized that no passenger information was compromised and continues to assess the full impact of the breach.