SkyWest Airlines has filed a federal lawsuit against two of its former pilots, alleging they unlawfully accessed and downloaded the personal information of nearly 5,000 employees. The pilots maintain their actions were legal and part of a protected effort to organize a union.
Key Takeaways
- SkyWest Airlines is suing two former pilots, Daniel Moussaron and Vikaas Krithivas, in a US District Court in Utah.
- The lawsuit claims the pilots used browser 'developer tools' to access personal data, including phone numbers and home addresses, from an internal company portal.
- The data of approximately 4,970 pilots and flight attendants was allegedly collected for union organizing purposes.
- The pilots argue their actions did not constitute hacking and are protected under the Railway Labor Act, which allows for unionization efforts.
Details of the Lawsuit
The legal complaint filed by SkyWest Airlines accuses former pilots Daniel Moussaron and Vikaas Krithivas of violating the Computer Fraud and Abuse Act. The airline also claims their actions represent a breach of contract and civil conspiracy.
According to the filing, the two individuals accessed an internal employee portal known as 'SkyWest Online' (SWOL). While the portal is designed to show limited information about colleagues, such as their name and airport base, the lawsuit alleges the pilots found a way to view much more.
SkyWest claims Moussaron and Krithivas used common web browser features, often called 'developer tools,' to uncover hidden data fields within the portal's code. This allegedly allowed them to view and collect sensitive personal details that were not intended to be publicly visible to other employees.
A Non-Union Workforce
SkyWest Airlines is one of the largest regional carriers in the United States that remains non-unionized. The Air Line Pilots Association (ALPA) has been actively campaigning for the airline's pilots to unionize, pointing to differences in pay and working conditions compared to pilots at larger mainline carriers.
How the Data Was Accessed
The dispute centers on the method used to obtain the employee information. SkyWest's IT records, cited in the lawsuit, indicate that Moussaron began his activities in August 2025. He allegedly started by accessing data on a small number of individuals before expanding his efforts.
Over a three-month period, Moussaron is said to have gathered data on 365 pilots. He was later joined by Krithivas in September. The lawsuit alleges their efforts escalated with the use of an automated software tool to 'scrape' the personal information of 4,970 pilots from the portal.
This collected data, which included private phone numbers, was then allegedly used to send unsolicited messages and make calls related to union organizing. The airline states it became aware of the situation after an employee reported receiving an unsolicited call on their private number and raised concerns with management.
Timeline of Events
- August 2025: Daniel Moussaron allegedly begins accessing individual pilot records.
- September 2025: Vikaas Krithivas reportedly joins the data collection effort.
- Over three months: The pair allegedly use an automated tool to scrape data for nearly 5,000 employees.
The Pilots' Defense
The two former pilots strongly deny any illegal activity. They contend that their actions are protected by the Railway Labor Act, a federal law that grants workers the right to organize and form unions without interference from their employer.
In a motion filed in response to the lawsuit, Moussaron stated he did not breach any security systems.
"At no point did I ‘bypass’ or ‘circumvent’ any server-side access control, escalate privileges or access an administrator-only function," the motion reads.
Their defense argues that using developer tools simply revealed information that the portal had already sent to their computers. According to their attorney, Jonathan Thorne, this means the pair "did not bypass security measures or otherwise obtain unauthorized access."
The pilots' legal team asserts that all contact information was "viewable using the credentials and authorizations" that SkyWest provides to all its employees. Krithivas stated he was assisting Moussaron with the "sole intent to collect pilot contact information to facilitate a drive to unionize SkyWest pilots."
A Clash of Rights and Security
This case brings into focus the complex intersection of data security, employee privacy, and labor organizing rights. SkyWest frames the issue as an illegal data breach and a violation of its policies. The pilots and their supporters view the lawsuit as a retaliatory measure intended to stifle legitimate unionization efforts.
The court will have to determine whether using browser tools to view non-displayed data constitutes unauthorized access under federal law. The outcome could set a precedent for how digital tools are used in labor organizing campaigns and how companies are expected to secure employee data on internal platforms.
