Data from New York Airport’s Servers Exposed Online for a Year
By MDL on February 25, 2017
Headline: Data from New York Airport’s Servers Exposed Online for a Year
Stewart International Airport accidentally leaked sensitive data from its servers for more than a year because an internet-connected storage device containing backup images of the airport’s servers was not secured with passwords. Neither the device nor the backup image files were password-protected.
MacKeeper Security Center researcher, Chris Vickery, was asked to analyze the data breach and detailed his findings in a post. Vickery writes, “The leaky data set includes everything from sensitive TSA letters of investigation to employee social security numbers, network passwords, and 107 gigabytes of email correspondence. Until I notified the facility’s management this past Tuesday, there existed a real risk to the security and safety of this US airport.”
Vickery noted that the airport contracted out its IT support to a company who assigned a single IT worker (who was not based on-site) to maintain the airport’s network infrastructure.
Stewart International Airport is located in Orange County, NY and is used by the public, the military, and, according to ZDNet, “is known for accommodating charter flights of high-profile guests, including foreign dignitaries.”
Bottom Line: MacKeeper Security Center researcher, Chris Vickery, sums up the key lessons in this data breach, “This is an important case study in how business practices can result in data breaches,” and “You get what you pay for, even in IT.” Poor security management and under-staffing can result in a business’ most-sensitive data being freely available to anyone online.
Sources: ZD Net, Security lapse exposed New York airport’s critical servers for a year. MacKeeper, Extensive Breach at Intl Airport
-
The Weakest Link: DoD Data Exposed by Third-party
The Weakest Link: DoD Data Exposed by Third-party
11/1/2019 -
New York Financial Companies must comply with cybersecurity regulation
New York Financial Companies must comply with cybersecurity regulation
3/29/2019 -
Global Weekly Executive Summary, 02 November 2018
Global Weekly Executive Summary, 02 November 2018
11/7/2018