Data from New York Airport’s Servers Exposed Online for a Year

Headline: Data from New York Airport’s Servers Exposed Online for a Year

Stewart International Airport accidentally leaked sensitive data from its servers for more than a year because an internet-connected storage device containing backup images of the airport’s servers was not secured with passwords. Neither the device nor the backup image files were password-protected.

MacKeeper Security Center researcher, Chris Vickery, was asked to analyze the data breach and  detailed his findings in a post. Vickery writes, “The leaky data set includes everything from sensitive TSA letters of investigation to employee social security numbers, network passwords, and 107 gigabytes of email correspondence. Until I notified the facility’s management this past Tuesday, there existed a real risk to the security and safety of this US airport.”

Vickery noted that the airport contracted out its IT support to a company who assigned a single IT worker (who was not based on-site) to maintain the airport’s network infrastructure.

Stewart International Airport is located in Orange County, NY and is used by the public, the military, and, according to ZDNet, “is known for accommodating charter flights of high-profile guests, including foreign dignitaries.”

Bottom Line: MacKeeper Security Center researcher, Chris Vickery, sums up the key lessons in this data breach, “This is an important case study in how business practices can result in data breaches,” and “You get what you pay for, even in IT.” Poor security management and under-staffing can result in a business’ most-sensitive data being freely available to anyone online.

Sources: ZD Net, Security lapse exposed New York airport’s critical servers for a year. MacKeeper, Extensive Breach at Intl Airport