As the airline said in filings with the Office of the New Hampshire Attorney General, after receiving these phishing reports, American’s CIRT discovered unauthorized activity in the company’s Microsoft 365 environment.