CommuteAir, U.S. regional airline released Data Breach notice to public

CommuteAir, U.S.A regional airline released Data Breach notice statement as;

“We respect the privacy of your information, which is why, as a precautionary measure, we are writing to
let you know about a data security incident that may involve your personal information.


On January 17, 2023, CommuteAir LLC received notification from a security researcher of a potential data
exposure of certain information maintained on a company server. This information included a 2019 sample of the federal no-fly list which was used for system testing, flight information and certain employee data.
We took immediate steps to take the server offline and to investigate the extent of the data exposure and
access.

WHAT STEPS ARE WE TAKING TO IMPROVE CYBERSECURITY: This incident is separate from the November 2022 data breach from a hacker. Since that time, we have been working with Mandiant, an
industry-leading cybersecurity firm used by United Airlines, to modernize our systems and protocols. My
cybersecurity team is using our Envision Design Build Activate (EDBA) project management system to
implement their recommendations. You may have noticed, for instance, our new system for flagging
suspicious emails. Mandiant is also engaged in this incident, and we have reported the exposure to the
Cybersecurity and Infrastructure Security Agency (CISA). We will continue to upgrade and harden our
systems throughout 2023.

WHAT INFORMATION WAS INVOLVED: The potential data exposed included personally identifiable information including name, date of birth, phone number, address, last four digits of social security number, and information specific to flight crews such as hours flown. Based on our investigation to date, the data accessed did not include any credit card information, payment information, or health related information.


WHAT YOU CAN DO: If your data was exposed in the November 2022 breach, you received a
subscription offer to LifeLock Defenderâ„¢ Choice plan which provides multiple identity theft protection
services. If you have not activated your subscription yet, you may still do so until April 20, 2023. If you
joined CommuteAir since that time, within the next few days we will send a subsequent email with an offer code for the same subscription. Also, review the attachment to this letter (Steps You Can Take to Further Protect Your Information) for further additional actions you may take. My goal is to preserve the security of your personal information.

FOR MORE INFORMATION: For questions or assistance with your IT security, please contact my team
at c5it@commuteair.com or 440-462-0240.

CommuteAir, is a U.S. regional airline founded in 1989. Today, CommuteAir operates more than 1600 weekly flights to over 75 U.S. destinations and 3 in Mexico, with Embraer ERJ-145 aircraft, from its bases at Denver, Washington Dulles, and Houston Intercontinental.