Jan 24, 2023

EXCLUSIVE: U.S. airline accidentally exposes ‘No Fly List’ on unsecured server


An unsecured server discovered by a security researcher last week contained the identities of hundreds of thousands of individuals from the U.S. government’s Terrorist Screening Database and “No Fly List.”

Located by the Swiss hacker known as maia arson crimew, the server, run by the U.S. national airline CommuteAir, was left exposed on the public internet. It revealed a vast amount of company data, including private information on almost 1,000 CommuteAir employees.

CommuteAir also confirmed the legitimacy of the data, stating that it was a version of the “federal no-fly list” from roughly four years prior.

“The server contained data from a 2019 version of the federal no-fly list that included first and last names and dates of birth,” CommuteAir Corporate Communications Manager Erik Kane said. “In addition, certain CommuteAir employee and flight information was accessible. We have submitted notification to the Cybersecurity and Infrastructure Security Agency and we are continuing with a full investigation.”

CommuteAir is a regional airline based out of Ohio. In June 2020, CommuteAir replaced ExpressJet as the carrier for its United Express Banner, a regional branch of United, which runs shorter flights.
