AMR Corporation Sends Letters to Certain Retirees and Employees Regarding Data Compromise and Offer of One Year Free Credit Monitoring
FORT WORTH, Texas, July 2 /PRNewswire-FirstCall/ -- Today, AMR Corporation (NYSE: AMR), the parent company of American Airlines, Inc., sent letters to potentially affected retirees, former employees, and a limited number of current employees about a compromise of certain personal information. The data, which had been kept by AMR's pension department, spans a time period from 1960 through 1995, and consists of images of historical microfilm files for approximately 79,000 retirees, former employees, and a limited number of current employees. No customer data was compromised.
AMR officials discovered and reported the theft of a hard drive at AMR headquarters in Fort Worth, Texas, on June 4, 2010. The drive contained images of historical microfilm files, which included names, addresses, dates of birth, Social Security numbers, and possibly other personal information, as well as a limited amount of bank account information. For some affected individuals, health insurance information (primarily enrollment forms, but also some coverage-related care, treatment, and other administrative materials) may also have been included.
AMR does not believe the health and welfare information contained on the drive is subject to the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), considering the age of the files and other factors. However, AMR is committed to HIPAA compliance, and will continue to take measures to secure the confidentiality of all health and welfare information that it maintains.
AMR has issued letters to retirees and employees whose files were affected, notifying them of the steps AMR has taken to correct the issue and what cautionary steps individuals may wish to take, including a one-year credit monitoring service offered at no cost by AMR. AMR also believes some of the employee files also contained limited information concerning beneficiaries, dependents, and other employees during the 1960-1995 timeframe.
AMR has already implemented additional protective measures because of this incident, including additional physical security, access control, and computer system vulnerability assessments. The internal investigation is ongoing.
For additional information and steps individuals may take to protect themselves, AMR has established a frequently asked questions website at www.amrfaq.com.
Current AMR Corp. releases can be accessed on the Internet.
The address is http://www.aa.com
SOURCE AMR Corp.