United States and SkyWest Airlines Accuse Former Pilots of Hacking System to Steal 5,000 Employee Records

Published on February 26, 2026

Image generated with Ai

SkyWest Airlines is in the midst of a legal battle against two of its former pilots, Daniel Moussaron and Vikaas Krithivas, who have been accused of hacking into the airline’s internal computer system. This serious breach of security allegedly led to the extraction of personal and confidential data from almost 5,000 pilots. The airline claims that the hackers used web development tools and specialized software to bypass security measures, accessing sensitive details such as home addresses and personal phone numbers. The airline’s lawsuit, filed in the US District Court for the District of Utah, has drawn attention due to the scale of the breach and the potential consequences for employee privacy.

The Alleged Hacking Incident

SkyWest Airlines, a regional carrier for major airlines like American Airlines, Delta Air Lines, United Airlines, and Alaska Airlines, has filed a lawsuit following a suspected data hack that involved two former pilots. The airline’s internal directory, known as SWOL, was allegedly accessed without authorization, leading to the theft of personal information about nearly 5,000 pilots. According to the lawsuit, Daniel Moussaron, one of the former pilots, first accessed the directory in August 2025. The company claims that Moussaron used sophisticated web developer tools to bypass role-based access restrictions in the directory, which allowed him to view confidential fields such as employees’ home addresses and phone numbers.

SkyWest’s investigation revealed that over the next few months, Moussaron repeatedly accessed the directory to pull personal data from the airline’s seniority list. The airline suspects that the data was manually retrieved, given that initial access was slow and incremental. This case escalated when Moussaron was later joined by Vikaas Krithivas, another ex-pilot, who allegedly helped with automating the process. The two former pilots reportedly used software to download data at an astonishing speed, extracting the personal details of almost 5,000 pilots in less than seven hours.

Unauthorized Access and Data Scraping

The core of the allegation centers around the misuse of the SWOL directory, which contains both business-related data and more sensitive information. Normally, pilots can only access basic details such as their name, base location, and supervisor. However, managers and other employees with higher clearance can view more confidential data, including home addresses and personal phone numbers. SkyWest claims that Moussaron exploited a security flaw in the directory to gain access to these hidden fields.

After the initial manual data pulls, Moussaron and Krithivas allegedly used automated tools to expedite the extraction of the confidential data. This enabled them to scrape an extensive amount of personal information, which was then reportedly used for purposes that included unsolicited messaging and phone calls. It wasn’t until a few days after the final large-scale data download that SkyWest pilots began receiving unexpected communications, including phone calls from individuals claiming to have access to a “backdoor” into the company directory.

The Investigation and Fallout

In response to the breach, SkyWest launched an internal investigation, consulting with IT experts and conducting forensic analysis of the company’s system logs. The results confirmed that the system had been accessed multiple times without permission, and that specialized tools had been employed to bypass the directory’s security measures. The airline has expressed concern that the breach not only violated employee privacy but also posed significant security risks, as sensitive personal data was leaked without authorization.

SkyWest’s investigation found that the stolen data was used for unauthorized activities, which included direct messages and phone calls made to pilots. One pilot even reported receiving a call where the caller claimed to have found a “backdoor” into the company directory, further suggesting that the breach was not a random act but a deliberate and coordinated effort. This raises concerns about the misuse of private information and the potential for future disruptions to the airline’s operations.

Legal Implications and the Airline’s Lawsuit

SkyWest has filed a lawsuit against Moussaron and Krithivas, accusing them of committing computer fraud, breach of contract, and civil conspiracy. The airline argues that the actions of the two ex-pilots were not only unethical but also illegal, resulting in irreparable harm to employee trust and security. In the lawsuit, SkyWest demands both monetary damages and an order from the court requiring the former pilots to surrender their personal devices for forensic examination.

In addition to seeking damages for the breach, SkyWest has also requested injunctive relief to prevent any further unauthorized access to the company’s systems. The airline stresses that without this immediate intervention, the threat of continued data theft and misuse remains, potentially causing further damage to its reputation and operational security.

Union Allegations and Defense

In their defense, Moussaron and Krithivas have acknowledged accessing the SkyWest corporate directory. Moussaron admitted to using the directory to gather pilot contact details in an attempt to organize a pilots’ union affiliated with the Air Line Pilots Association (ALPA). Moussaron confirmed that he sent out a mass SMS message to gauge interest in unionizing, although he denied making additional communications or sending unsolicited messages to pilots.

Moussaron’s legal team has argued that the actions taken by the former pilots were part of a unionization effort, which they claim is protected under labor law. They further contend that the federal court may not have the jurisdiction to hear the case, as it involves a dispute over union organizing activities. This argument is expected to play a key role in the outcome of the lawsuit.

The Broader Impact of the Breach

This incident highlights the vulnerabilities that even well-established airlines face when it comes to data security. The breach of confidential employee information can have serious consequences, not just for the affected individuals but also for the company’s reputation and operational integrity. SkyWest’s case serves as a stark reminder of the importance of robust cybersecurity protocols and the need for constant vigilance in safeguarding sensitive data.

The airline’s lawsuit, which is ongoing, could set a precedent for how similar cases are handled in the future, especially in cases where former employees are involved in illegal activities that compromise the security of an organization’s internal systems. As the legal proceedings unfold, both SkyWest and the aviation industry at large will be watching closely to see how the courts address the intersection of data security, labor rights, and employee privacy.

SkyWest Airlines has filed a federal lawsuit against two former pilots accused of hacking the airline’s internal system and stealing sensitive personal information. The breach involved unauthorized access to the company’s SWOL directory, which led to the extraction of data on nearly 5,000 pilots. SkyWest is seeking monetary damages and legal action to prevent future breaches, while the accused pilots defend their actions as part of a unionization effort. The case underscores the growing importance of cybersecurity in the aviation industry, particularly when it comes to protecting sensitive employee information.