CONFERENCE On Demand: Cyber AI & Automation Summit - Watch Now
Connect with us

Hi, what are you looking for?



American Airlines Pilot Union Recovering After Ransomware Attack

The Allied Pilots Association is restoring its systems after a file-encrypting ransomware attack.

The Allied Pilots Association (APA) says it has made progress in restoring its systems after falling victim to a file-encrypting ransomware attack last week.

The incident, the American Airlines pilot union says, occurred on October 30 and resulted in certain systems being encrypted.

“Our IT team, with the support of outside experts, continues to work nonstop to restore our systems. We are pleased to report that our restoration efforts are progressing, and we will soon be able to begin to bring back some of our online services,” the organization said in a November 2 incident notification.

The restoration efforts, APA said, would focus on pilot-facing products and tools, with full operations expected to be restored later.

Over the weekend, the organization announced that it had restored most functionality, including access to the website. However, it also reset all passwords on the website, informing users that they would need to select new ones when attempting to access the portal.

In a social media post on Saturday, the union said it expects all systems to be restored to full functionality within days. 

“Concurrent with our restoration efforts, we launched an investigation, under the guidance of third-party cybersecurity experts, to determine the scope of this incident,” the organization announced.

While it revealed that ransomware was used in the attack, APA has shared no details on the type of ransomware used and whether user data was exfiltrated during the incident, but promised that more details will be shared as its investigation progresses.

Advertisement. Scroll to continue reading.

Founded in 1963 and headquartered in Fort Worth, Texas, APA is an independent pilots’ union, providing various representation services to the 15,000 professional pilots who fly for American Airlines.

In June, American Airlines announced that the data of more than 5,000 individuals was compromised in a data breach at pilot recruitment application managing portal Pilot Credentials.

Related: Critical Apache ActiveMQ Vulnerability Exploited to Deliver Ransomware

Related: Authorities Shut Down RagnarLocker Ransomware Infrastructure

Related: CISA Now Flagging Vulnerabilities, Misconfigurations Exploited by Ransomware

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.


Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.


US payments giant NCR has confirmed being targeted in a ransomware attack for which the BlackCat/Alphv group has taken credit.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.