Regional airline SkyWest Airlines is suing two of its former pilots, alleging they hacked into the company’s internal computer system and extracted the private personal information of thousands of coworkers in an effort to unionize fellow pilots.
Regional Airline Sues Two Pilots, Alleging Internal Systems Were Accessed To Harvest Coworkers’ Personal Data
SkyWest Airlines has filed a federal lawsuit against two of its former pilots, accusing them of improperly accessing internal company systems to obtain the personal contact information of thousands of coworkers. SkyWest operates regional service for Alaska Airlines, American Airlines, Delta Air Lines, and United Airlines.
The complaint, filed in U.S. District Court in Utah, alleges that former SkyWest pilots Daniel Moussaron and Vikaas Krithivas accessed protected portions of the airline’s internal employee portal and extracted personal data, including home addresses and cellphone numbers, belonging to nearly 5,000 pilots and flight attendants.
According to SkyWest, the access occurred between August and December 2025 through the company’s internal SkyWest Online (SWOL) system, a portal used by employees for scheduling, payroll, and company communications.
SkyWest claims the pilots “intentionally accessed a protected computer without authorization, or exceeded authorized access,” in violation of the federal Computer Fraud and Abuse Act, as well as breached their employment agreements and fiduciary duties to the airline.
What SkyWest Says Happened
In its filing, SkyWest alleges that the two pilots were able to view employee data fields that were not ordinarily visible to other pilots. The airline claims the information was then used to contact coworkers directly on their personal phones, prompting complaints from employees and triggering an internal investigation.
According to the lawsuit, a SkyWest officer reported receiving a call from an unidentified individual who claimed to have “found a backdoor to the company directory,” a statement the airline cites as evidence that the access was intentional and unauthorized.
SkyWest argues that even if the pilots did not “hack” the system in a traditional sense, they knowingly bypassed role-based access restrictions designed to protect sensitive employee data.
The airline is seeking a jury trial, injunctive relief, and damages, though it has not specified a dollar amount.
The Pilots’ Response: “We Didn’t Hack Anything”
The pilots dispute SkyWest’s characterization of events.
In court filings and public statements, Moussaron has argued that the data was accessed using standard browser developer tools and that the information was already available through the system to which he had legitimate login credentials.
His argument, in essence, is that SkyWest failed to properly secure its own systems and is now attempting to criminalize behavior that exploited poor internal design rather than bypassed security controls.
Krithivas, meanwhile, has said that the access occurred in the context of union organizing efforts and that there was no intent to harm coworkers or misuse their data. He has characterized SkyWest’s lawsuit as retaliatory, coming amid increased labor tensions and pilot dissatisfaction at the airline (SkyWest pilots are not unionized, but the Air Line Pilots Association [ALPA] is aggressively courting pilots to unionize).
Neither pilot has been criminally charged: currently this is a civil lawsuit, though SkyWest does reference potential violations of federal law in its complaint. The pilots say this is a labor matter, with attorney Jonathan Thorne arguing, “The conduct that they’ve accused him of is union organizing activity that’s protected under The Railway Labor Act. He didn’t hack their system, there was no conspiracy here, he didn’t use confidential information. SkyWest had an online directory that provided him access to employees’ contact information that he used as part of union organizing efforts.”
You can review the case docket here.
This Is Really About Access, Not “Hacking”
What makes this case interesting is that it sits in a gray area that airlines, tech companies, and courts have struggled with for years.
The Computer Fraud and Abuse Act was written in 1986, long before modern web-based enterprise systems became ubiquitous. Courts have repeatedly wrestled with the question of whether using legitimate credentials to access information in unintended ways constitutes illegal access, or simply misuse of authorized access.
SkyWest’s position is clear: authorization is defined by intent and role, not by technical possibility. The pilots’ position is equally clear: if the system allowed access without bypassing authentication controls, responsibility lies with the system owner.
That’s quite pertinent to the airline industry, which heavily relies on internal systems that aggregate vast amounts of sensitive employee data. Pilots, flight attendants, and other employees routinely access portals that combine scheduling, training, contact information, and operational tools.
If SkyWest prevails, the case could strengthen airlines’ ability to pursue civil action against employees who use internal tools in ways the company deems inappropriate, even absent traditional “hacking.” If the pilots prevail, it may reinforce the idea that airlines bear responsibility for securing their own systems and cannot retroactively redefine authorization when design flaws are exposed.
My own assessment is that if the pilots signed an NDA not to disclose company information and then did the opposite, even if it was made possible by SkyWest’s poor IT infrastructure, the carrier was justified in terminating both of them. The boast that they “found a backdoor” into the company directory strikes me as particularly damning, if true. Seeking an injunction to prohibit ALPA from using this illicitly-obtained information also strikes me as reasonable on the part of SkyWest.
CONCLUSION
SkyWest has sued two pilots for what it calls “hacking” into its internal systems and then misappropriating that information, framing this as a serious breach of trust and security. The pilots are framing it as an overreaction to a system that exposed data it never should have in the first place.
It’s an interesting case with the added wrinkle that the info was not used for direct pecuniary gain, but to organize workers, which is protected activity in most contexts.
As I see it, the pilots broke no law and should face no civil liability, but also have no grounds for wrongful termination if they knowingly circumvented company systems in contravention of their employment contract.