Virgin America has alerted thousands of employees that the company’s systems were breached, leading to the compromise of their personal data.
The American airline, which was acquired by Alaska Air in 2016, notified workers via letter, stating that the incident occurred earlier this year.
“On March 13, 2017, during security monitoring activities, our data security team identified potential unauthorized access to certain Virgin America computer systems,” said Kyle Levine, VP of Legal and General Counsel for Alaska Air Group.
“We immediately took steps to respond to the incident, including initiating our incident response protocol and taking measures to mitigate the impact to affected individuals,” Levine added.
The company said it hired cybersecurity forensic experts to further investigate the incident, and reported the matter to law enforcement officials.
“Nevertheless, it appears that a third party may have accessed information about certain Virgin America employees and contractors without authorization,” the letter read.
According to a report by ZDNet, the information compromised included the logins of roughly 3,120 workers. An additional 110 employees may have also had their personal details stolen, including Social Security Numbers, addresses, driver’s licenses or government-issued IDs, and health-related information.
Virgin America did not provide details on how intruders managed to access its information systems. Meanwhile, all Virgin America employees and contractors have been instructed to reset their passwords.
“I understand that this may come as a surprise,” said Levine.
“I want to assure you that our information security teams are working hard to enhance our privacy and security practices here at Virgin America to reduce the likelihood that something like this happens again,” the letter concluded.
The company advised employees to remain vigilant against threats to identity theft or fraud, and to regularly review bank and credit card statements for suspicious activity.
Virgin America reported only its own network was compromised, and the breach did not affect neither customers nor Alaska Air employees.