The American Airlines pilot union is working to restore its systems following a ransomware attack, the latest in a rash of cyber incidents affecting the aviation industry.
The union, which represents more than 15,000 of the airline’s pilots, posted a notice on its website explaining it first discovered the cyberattack on October 30.
The unnamed cybersecurity firm hired to conduct an investigation confirmed that the union was hit with ransomware and said some systems were encrypted.
“As a result, the restoration of those systems has entailed a methodical and time-consuming process for our IT team and outside experts,” it said. “As we work to recover from backups, we are also continuing to assess potential impacts to data, including member data. Investigations of this nature often take time to complete.”
The organization’s IT team is working with outside experts to restore their systems and noted that efforts “are progressing,” allowing them to soon bring some services back online.
“Once the initial restoration is in place, we will continue to restore additional services over the coming hours and days, placing a priority on pilot-facing products and tools,” the union explained.
“We are working diligently to be fully operational as soon as possible, while keeping the security of our systems front and center.”
In messages on social media, the union said the cybersecurity incident began in the early morning hours of October 30. Some core services were restored throughout the week but the organization will continue to provide updates on their progress.
The aviation industry has faced relentless attacks in the last six months. On Wednesday, one of the highest traffic airports in Mexico was hit by a cyberattack and a day later airplane maker Boeing confirmed that it is responding to a cyberattack involving its parts and distribution business.
Both incidents were claimed by ransomware gangs. Air Canada and Air Europa have also both dealt with incidents in the last month while European aerospace giant Airbus said in September that it was investigating a cybersecurity incident.