The “No Fly List” in the U.S. is a list of people who are prohibited from boarding commercial aircraft for travel within, into, or out of the United States. Traditionally, the list is kept secretive and reserved for use by law authorities and TSA individuals.
In January, the list was exposed, revealing the identities of hundreds of thousands of individuals from the U.S. government’s Terrorist Screening Database and “No Fly List” (reference).
The data exposure is a major violation of privacy and a risk to national security. Let’s take a look at the ramifications and what this means for the future of securing U.S. government documents online.
According to security researchers, an unsecured server was the cause of the data breach of the U.S.’s “No Fly List.” Considered one of the most sensitive U.S. government documents, the list containing hundreds of thousands of individuals was simply left online.
The unsecured server was located by a Swiss hacker known as maia arson crime. Run by the U.S. national airline CommuteAir, the exposed server was apparently left exposed on the public internet.
The server exposure revealed a large amount of company data, including private information on almost 1,000 CommuteAir employees.
In terms of national security, the list exposed contained more than 1.5 million entries. This list contained names as well as birth dates, including individuals with multiple aliases.
Because the “No Fly List” is largely made up of individuals who have been barred from air travel due to suspected or known ties to terrorist organizations, exposure of the list publicizes valuable and confidential U.S. intel.
The breach exposed flaws in the documentation system of the “No Fly List” and revealed significant downfalls in the national cybersecurity plan. The relatively easy exposure of this list does not bode well for other sensitive government documents and will likely inspire an overhaul of current government cybersecurity procedures.
This breach revealed an interesting issue: exposure of the list threatens national security and exposes documentation lacking timely updates.
This provides food for thought for businesses: would a data breach expose processes your business is not proud of, in addition to sensitive information? It is something for companies to deeply consider as you factor in the potential threat of a cyberattack.
Cyberattacks expose all kinds of things–though typically sensitive data, they can also expose a lack of cybersecurity procedures, incompetent internal processes, and more. The U.S. government’s “No Fly List” breach is a perfect example.
As a managed IT service provider, PK Tech provides more than simple IT support. We provide comprehensive cybersecurity planning and procedure development so that your business is protected and prepared with adequate processes for when things don’t go according to plan.
Supporting small to medium-sized businesses in various industries in the Greater Phoenix Area, PK Tech can support and help your business grow from wherever you currently are. Schedule a free 15-minute call to chat with a member of our team today.