AMR Breach Puts 79,000 Employees at Risk
American Airlines' parent company says the personal data of some 79,000 current, former and retired employees was compromised after a hard drive was stolen from its Fort Worth, Texas headquarters.
In one of the largest data breaches in recent months, AMR, the parent company of American Airlines, said it's in the process of notifying more than 79,000 current, former and retired employees that a hard drive containing their most sensitive personal information was stolen from its corporate headquarters in Fort Worth, Texas. The Associated Press reported the breach earlier this month.
AMR (NYSE: AMR) officials told the AP that the purloined drive contained images of microfilm files that stored data such as employees' names, address, birth dates, Social Security numbers and what it described as "limited" bank account information.
The data breach was discovered on June 4, according to AMR, and the company last week began mailing out notification letters to all affected employees and retirees. The data was compiled by the company's pension department and also included health insurance information, including the names and personal information of employees' beneficiaries.
The company is offering a free year of credit-monitoring services and sai, in a statement, said it has initiated new security procedures at its headquarters to prevent future data breaches of this magnitude.
The stolen drive held employee data spanning from 1960 through 1995 and included benefits information for employees still working for AMR's various business units including American Airlines.
The breach is the latest in a string of corporate data theft incidents centered around either insurance or employee benefit data pools.
Earlier this year, independent data security research and consulting firm 800,000 portable storage devices (including USB drives, hard drives, and laptops) were stolen or misplaced last year, a fact that's led state and federal lawmakers to pass more stringent legislation holding companies accountable for safeguarding employee and customer data.
AMR officials said that thus far it appears no customer data was compromised in the theft.