Swiss International Air Lines (SWISS) has confirmed that sensitive pilot assessment data was inadvertently accessible to unauthorised individuals for around two months, due to an internal error in its data storage system.
The breach came to light on 1 August, when an employee reported that files containing confidential information from pilot selection processes were accessible to a broad group of internal staff and a limited number of personnel from partner companies. The issue stemmed from incorrect permission settings on SWISS’s SharePoint platform, rather than any external cyberattack.
The exposed information included application documents, test results, and expert assessments for pilots who had undergone evaluation with SWISS, including external candidates. Approximately 70 instances of access were recorded. Those who viewed or potentially downloaded the data were contacted directly, informed of its sensitivity, and asked to delete it immediately and refrain from sharing it further.
SWISS moved quickly to block access once the issue was reported, migrating the data to a secure, encrypted platform and introducing additional protective measures. The airline has stated that no passenger information or other employee data was affected.
In a statement, the airline said: “The error in the data storage settings was made by an employee and was a human oversight. Nevertheless, the responsibility lies with SWISS as a company. We take this responsibility seriously and acted immediately.”
Authorities and partner organisations were notified, and a full review is now underway. SWISS says it has analysed the incident and is implementing new safeguards to prevent similar breaches in future.
“We deeply regret this incident and are committed to ensuring it does not happen again,” the airline said.
