The lawsuit now confronting SkyWest Airlines has become one of the most closely watched labor and cybersecurity disputes in U.S. aviation, not because of malware or external hackers, but because of something far more unsettling: the alleged use of ordinary browser developer tools to surface data that already existed inside the airline’s internal systems. At the heart of the case is a fundamental question with industry-wide consequences—where does legitimate system access end, and unlawful data exploitation begin?
Filed in federal court, the case accuses two former SkyWest pilots, Daniel Moussaron and Vikaas Krithivas, of improperly accessing and harvesting sensitive employee information from the airline’s internal SkyWest Online (SWOL) portal. SkyWest claims nearly 5,000 pilots and flight attendants had private contact details exposed and later used for union-related outreach. The defendants reject the hacking narrative entirely, framing the lawsuit as retaliation against protected labor organizing.
A Federal Case With High Stakes for Airlines and Labor Rights
The complaint was lodged in the US District Court in Utah, where SkyWest alleges violations of the Computer Fraud and Abuse Act, breach of contract, and civil conspiracy. According to the airline, Moussaron and Krithivas exploited weaknesses in SWOL to reveal personal phone numbers and home addresses that were intentionally hidden from normal user views.
SkyWest emphasizes that the data was never meant to be visible, arguing that intent matters more than technique. In its view, uncovering concealed fields—even without bypassing authentication—constitutes unauthorized access once the information is used at scale and for purposes beyond ordinary employment functions.
How Developer Tools Became the Center of the Dispute
The technical crux of the case lies in how the data was accessed. The SWOL portal typically displays limited colleague information such as names, bases, and supervisors. SkyWest alleges that the former pilots used built-in browser developer tools to inspect page code and reveal additional data fields embedded but not rendered on screen.
Moussaron counters that no security barriers were bypassed. In sworn filings, he states that he never escalated privileges, accessed admin-only functions, or circumvented server-side controls. From this perspective, developer tools merely exposed information that SkyWest’s own systems already delivered to authenticated users.
Initially, the access was limited. Court filings indicate that in August 2025, Moussaron viewed data tied to just two pilots, then expanded to dozens. Over the next three months, that number reportedly grew to 365 pilots, before the effort accelerated through automation.
Automation, Scale, and the Turning Point
By September, SkyWest alleges that Krithivas joined the effort and helped deploy a software-based scraping tool. This marked the shift from manual inspection to large-scale data extraction, culminating in the collection of personal details on 4,970 employees. The airline claims the information was then used to initiate mass calls and messages advocating unionization.
The case gained internal attention after an employee reported receiving an unsolicited union call on a private phone number. SkyWest argues this complaint demonstrated real-world harm and confirmed misuse of confidential data.
Union Organizing and the Retaliation Claim
The defendants’ legal strategy centers on labor law. Both pilots argue that their actions fall squarely under protections granted by the Railway Labor Act, which safeguards employees’ right to organize and communicate with colleagues about unionization.
Their attorney maintains that all information accessed was viewable using valid employee credentials. Krithivas has stated that his sole intent was to help facilitate a union drive among SkyWest pilots, who remain one of the largest non-unionized pilot groups in the country.
That effort has been strongly supported by the Air Line Pilots Association, which has repeatedly highlighted disparities in pay, scheduling, and working conditions between regional carriers and major airlines.
Why This Case Matters Beyond SkyWest
This lawsuit reaches far beyond one airline. If SkyWest prevails, companies may gain broader authority to define “unauthorized access” based on intent and outcome, not technical intrusion. If the pilots succeed, the ruling could affirm that data visibility equals permission, even when information is hidden by design rather than security.
For airlines, the case exposes uncomfortable truths about internal system architecture. Embedding sensitive data in client-side code—even if not displayed—creates legal and ethical vulnerabilities. For labor advocates, the case tests how far digital tools can be used in modern organizing before corporations draw legal lines.
The SkyWest lawsuit is not simply about dev tools or scraped data. It is about power, access, and control in an industry where technology now sits squarely between management and labor—and where the browser itself has become a battleground.
