The FBI’s No Fly List was found on the public internet on an unsecured server hosted by regional airline CommuteAir, a hacker in Switzerland reported.
The hacker, a self-described cybersecurity researcher, notified the airline about the data exposure. CommuteAir is a United Airlines United Express regional partner.
The No-Fly List is maintained by the U.S. government’s Terrorist Screening Center, a division of the National Security Branch of the Federal Bureau of Investigation. The list is used by government agencies and airlines to decide whom to prohibit on board airline flights. Those on the list are prohibited from boarding commercial aircraft for flights within, into, or out of the United States.
The list was created in the aftermath of the September 11, 2001 terror attacks.
The breach of the list was confirmed on Friday by the Transportation Security Administration and on Saturday by Congressman Dan Bishop, who sits on the House Homeland Security Committee.
“The entire US no-fly list – with 1.5 million+ entries – was found on an unsecured server by a Swiss hacker,” Bishop said in a tweet. “Besides the fact that the list is a civil liberties nightmare, how was this info so easily accessible?”
Bishop indicated that Congress will investigate the incident.
In a statement released to the media on Friday, the TSA said it was “aware of a potential cybersecurity incident” and said it was investigating it “in coordination with our federal partners.”
(Photo: Accura Media Group)