The airline said in a letter to employees, published Thursday, that the hacker had "gained unauthorized access to certain Virgin America information systems containing your data" on March 13.
The hacker "gained access to... login information and passwords" that employees use to access Virgin America's corporate network.
A spokesperson confirmed that 3,120 employees and contractors had their login information compromised, while 110 additional employees may have had personal information stolen, such as addresses, social security numbers, details of government-issued IDs (such as driving licenses), and health-related information.
But it's not known how the hacker gained access to Virgin America's network.
A person who used to work for the airline told ZDNet that the company hosted its email with Google and requires employees to use two-factor authentication, which suggests that the hacker likely did not use usernames and passwords that might have been stolen or exposed from another breach. The use of two-factor authentication on the network would also prevent the hacker from using credentials from an account with higher privileges, such as system administrators, to access further systems and databases.
The company's security team said in the letter that it identified the unauthorized access and mitigated the hacker's access.
Employees and contractors were forced to change their passwords. The airline also said it consulted an unnamed cybersecurity firm and informed law enforcement of the breach.
"Customer data for Virgin America and Alaska Airlines was not impacted," a spokesperson said.
The breach is unrelated to a recent breach of Sabre systems, a reservation software company that revealed it had been attacked earlier this year.
The company's software is used by hundreds of airlines, including Virgin America, and thousands of hotels to manage passenger and guest reservations, revenue management, and human resources. Several major companies -- including Google, Hard Rock Hotels, Loews, and some Trump properties -- have revealed that they had data stolen as a result of the Sabre breach.