A major cybersecurity dispute in the United States aviation sector has come into focus after SkyWest Airlines filed a lawsuit against two former pilots, Daniel Moussaron and Vikaas Krithivas. The airline alleges that both individuals accessed an internal company directory without authorization and extracted sensitive personal information belonging to thousands of pilots. The case has sparked debate about employee privacy, workplace communication, and digital security practices.
The airline claims the incident exposed private details such as home addresses and phone numbers of nearly 5,000 pilots. According to the company, the breach was not accidental but involved technical methods that allowed restricted information to be viewed and downloaded at scale.
Alleged Unauthorized Access to Internal Directory
The dispute centers around SkyWest’s internal directory system, commonly known as SWOL. This platform is designed to help employees find work-related information such as names, bases, and reporting structures. Sensitive details are typically hidden and only visible to users with higher permission levels.
Airports thrown into turmoil as cyberattack crashes check-in backbone used by 100 airlines
SkyWest alleges that Daniel Moussaron first accessed the directory in August 2025 and used web developer tools to bypass role-based restrictions. This reportedly allowed him to view confidential fields that regular pilots could not see. Investigators believe the initial data collection happened gradually, with information pulled manually over several weeks.
The company claims the situation escalated when Vikaas Krithivas became involved. According to the lawsuit, automated software was then used to speed up the process, allowing a large amount of data to be downloaded within hours. SkyWest says nearly 5,000 employee records were extracted in less than seven hours during the final phase.
Soon after the alleged download, pilots began reporting unexpected phone calls and messages. Some communications suggested that individuals had knowledge of internal company systems, raising concerns that the data had been used outside normal workplace channels.
Investigation Findings and Legal Claims
Following these reports, SkyWest launched an internal investigation with the help of technical specialists. System logs were reviewed, and forensic analysis indicated repeated access attempts that did not match normal employee behavior. The airline concluded that specialized tools had been used to view and collect restricted information.
Airline Systems Under Siege from Notorious Scattered Spider Hackers
The company argues that these actions violated internal policies and may constitute computer fraud and breach of contract. In response, SkyWest filed a lawsuit seeking financial damages and court intervention. The airline is also requesting that the court order Daniel Moussaron and Vikaas Krithivas to surrender personal devices for forensic examination.
SkyWest says the breach created serious privacy risks because personal contact information was exposed without permission. Company officials stated that the incident affected employee trust and could pose safety concerns beyond the workplace.
The airline has also asked for injunctive relief to prevent further access or distribution of the data while the case proceeds.
Union Organizing Defense and Ongoing Dispute
In their response, Daniel Moussaron and Vikaas Krithivas acknowledged accessing the directory but argued that their actions were connected to efforts to organize pilots. Moussaron said he gathered contact details to send a mass SMS message aimed at measuring interest in forming a union affiliated with the Air Line Pilots Association.
The defense claims that communication related to union organizing may be protected under labor law. Lawyers for the former pilots have questioned whether a federal court should handle the dispute, arguing that it involves workplace organizing activity rather than a typical cybersecurity violation.
SkyWest disputes this position, stating that the scale and method of the data extraction went beyond standard communication and involved exploiting a system weakness. The airline maintains that accessing restricted fields and automating downloads represented a deliberate misuse of company systems.
The case highlights the tension between workplace organizing rights and corporate cybersecurity responsibilities. It also draws attention to how insider access can create risks when sensitive employee information is stored digitally.
At the center of the legal battle are questions about authorization, data handling, and system safeguards. Court proceedings are examining whether the directory access was legitimate, how the information was used, and whether company protections were sufficient to prevent the incident.
