United Airlines is the latest to fall victim to a data breach. The hackers stole flight manifests, which disclose information about passengers on the flight and their destinations. News reports are pointing fingers at hackers backed by China.
Many are attributing the attacks to the same group that earlier this year attacked health insurer Anthem and U.S. Office of Personnel Management (OPM). In February, Anthem informed millions of its customers that hackers had gained access to the company’s computers, potentially stealing personal information of 80 million former and current customers. In June, OPM reported a hack affecting its systems compromised the personal information of 21.5 million current and former federal workers.
As has occurred with many other breaches, attackers hide often hide (and observe) inside an organization’s network for many months before they are detected. It is clear that commonly used detection tools are simply not performing as intended or just as likely, are not implemented correctly.
It is very clear now that companies and government agencies need to take a critical look at how they can identify whats changing in their environments, and assess how those changes affect their security postures and attack surfaces. This monitoring of network activity has to occur on a constant basis now.
Airlines Under Siege by Hackers
It is clear that airlines are being attacked from all angles today. Data systems including membership programs, reservations systems, and even in-flight activity have all be compromised on various airlines this past year.
The airline industry, like all industries for that matter are going to have realize that they make up a critical part of the infrastructure that appeals to nation states and cybercriminal groups, and they must to do a better job to secure their systems.
This was the second security breach for United Airlines in the past 12 months and the FAA, which demonstrates the need to prioritize and refocus their attention around cybersecurity.
You can read my May 16, 2015 story, “United Airlines Bug Bounty” about the earlier United Airlines hack.
Personal Security – Personal Responsibility
As I have suggested countless – endless times here. Individuals must take security seriously and not to depend on corporations to do this for them. Using strong and unique passwords as well as two factor authentication whenever possible will go along way to protecting your information even if the airline you just booked a flight with was hacked.