Personal data exposed on internal Web site

June 21, 2007

Associated Press

Personal information including Social Security numbers of more than 300 pilots and other employees at American Airlines, including the chief executive, was exposed on a company Web site, according to the pilots union, the Allied Pilots Association.

The company said it determined that only pilots and union officials saw the information, on a password-protected internal site.

Union officials said that by searching the site for "AA" and "medical," the roughly 200 results included a 2002 document with personal information on 315 current and former pilots and about 50 others, including CEO Gerard Arpey and his predecessor, Don Carty.

Union President Ralph Hunter said he called Mark Burdette, the company's vice president of employee relations, to report the breach.

"I told him what his Social Security number was and where I got it," Hunter said. "He agreed with me that we had a big problem."

American disabled the site's search function.

"Any personal information that was accessible was accessible only to other users of the site, American Airlines pilots, not the general public, because the site is password-protected," said Tim Wagner, a spokesman for Fort Worth-based American.

The union has asked the company to provide credit-monitoring service to people listed on the document. Wagner said American was considering the request.

main page ATTRITION feedback