Virgin America
Virgin America said over 3,100 employees and contractors are affected by the breach. Justin Sullivan/Getty Images

Virgin America has urged its employees to change their passwords after a hacker managed to infiltrate certain company information systems containing staff data. In a letter to employees, the airline said that an "outside party gained unauthorized access to certain Virgin America information systems", ZDNet reported on Thursday (27 July).

The company said the breach was discovered during security monitoring activities on 13 March and may have compromised employees' and contractors' login information and passwords used to access its corporate network.

"We immediately took steps to respond to the incident, including our incident response protocol and taking measures to mitigate the impact to affected individuals," the letter read. "We retained cybersecurity forensic experts to investigate the incident and reported the matter to law enforcement."

A Virgin America spokesperson told ZDNet that 3,120 employees and contractors had their login details were compromised in the breach. Another 110 employees' personal data were stolen as well, including addresses, social security numbers, government-issued ID details such as driving licenses and health-related details.

"Customer data for Virgin America and Alaska Airlines was not impacted," the company spokesperson said.

The company did not mention how the attack took place or name any suspected perpetrators behind the attack.

Virgin America has advised employees and contractors affected by the breach to monitor their bank and credit card statements and credit reports for any potential unauthorized activity, incidents of fraud or identity theft. The company also told staffers to regularly rotate passwords used for online accounts and warned not to use the same credentials across multiple online platforms.

"I understand that this many come as a surprise," Kyle Levine, vice president of legal and general counsel for Alaska Air Group, wrote in the letter. "I want to assure you that our information security teams are working hard to enhance our privacy and security practices here at Virgin America to reduce the likelihood that something like this happens again."

Virgin America, which was founded by Sir Richard Branson back in 2004, was acquired by Alaska Airlines last year for $2.6bn. In March, the parent company said in plans to retire the Virgin America brand in 2019.