Airlines operate huge volumes of passenger data, highly liquid commercial details, and their own know-how. For such a fast-paced business, any leak can have grave consequences.
As part of a newly discovered cyber incident that took place in the autumn of 2017, hackers may have accessed payment information of some Delta Air Lines customers through the servers of [24]7.ai, a provider of online chat services to Delta. Following the discovery, Delta launched a special website to offer free credit monitoring services to customers who believe they may have been impacted.
India is facing an unfolding scandal after budget airline GoAir has filed a suit against its former CEO Wolfgang Prock-Schauer, who now heads GoAir’s rival and a major national airline, IndiGo. GoAir lawyers submitted sealed documents that they claimed belong to GoAir and had been stolen by Prock-Schauer before he joined IndiGo.
Suzette Kugler, an Ex-PenAir employee from Alaska, who had a 29-year long career at the airline and was the administrator of PenAir’s Sabre booking system, pleaded guilty to hacking the said system in spring last year. In February 2017, PenAir filed for bankruptcy, which led to shutting down of all of their operations in Alaska, ultimately leading to Kugler losing her position. Before retiring, Kugler used her access to PenAir’s system, created a fake new employee account and gave it access to high-level security clearance, and other privileges. In just two months, April and May, Kugler disabled a former colleague’s access permission and then went on to erase flight information for eight airports. This led to trouble and even inability to book tickets or make modifications to any flight that was set in one of those eight airports. Following all such developments, FBI agents executed a search warrant for Kugler’s place and discovered two laptops with Sabre VPN software installed.
Is it possible to get a list of passengers flying with the largest airline in Ukraine? It is quite easy indeed. A savvy Internet user with a nickname dinikin discovered a vulnerability on the website of Ukraine International Airlines that allowed anybody, using a PNR code, to access a wide range of data on any passenger, including first and last names, date of birth, passenger category (adult/child), flight number, departure and arrival times, and payment details.
Indeed, carrier data is a honeypot for hacker groups. Thus, last year, WestJet, a Calgary-based airline, reported that the profile data of some WestJet Rewards members were disclosed online “by an unauthorized third party.” Another airline, Virgin America, informed its employees of a breach in its systems saying that they may be impacted.
