therecord.media
2606:4700::6812:1d78  Public Scan

URL: https://therecord.media/no-fly-list-breach-tsa-domestic-airlines-warning/
Submission: On February 07 via api from US — Scanned from DE

Form analysis 4 forms found in the DOM

GET https://therecord.media/

<form role="search" method="get" class="search-form" action="https://therecord.media/">
  <input type="text" placeholder="Search" value="" name="s">
  <input type="submit" value="go">
</form>

<form class="search-form">
  <a href="#">
<i class="fas fa-search search-icon"></i>
<i class="fas fa-times close-icon"></i>
</a>
</form>

GET https://therecord.media/

<form role="search" method="get" class="search-form" action="https://therecord.media/">
  <input type="text" placeholder="Search" value="" name="s">
  <input type="submit" value="go">
</form>

POST

<form action="" method="post" class="newsletterForm">
  <input type="email" name="email" placeholder="your e-mail address">
  <input type="hidden" name="newSubscription" value="1">
  <input type="submit" value="go">
</form>

Text Content


IMAGE: Tomas Williams/UnSplash
Jonathan Greig January 30, 2023


TSA ISSUES SECURITY DIRECTIVE TO AIRPORTS, CARRIERS AFTER ‘NO-FLY’ LIST LEAK

Cybercrime
Government
News
Privacy

The Transportation Security Administration has issued a security directive to
all U.S. airports and air carriers warning them about the need for more
stringent cybersecurity protections following last week’s revelation that the
federal “no-fly” list had been leaked.

Outrage has grown since a Swiss national published a blog post earlier this
month explaining that a copy of the “no-fly” list from 2019 was left exposed on
an unsecured server, alongside other sensitive data from CommuteAir, a regional
airline under United Airlines.

A TSA spokesperson told The Record that the agency is still investigating the
incident but has reached out to all domestic airlines to warn them about the
prospect of further breaches. 

The security directive, issued Friday, “reinforces existing requirements on
handling sensitive security information and personally identifiable
information,” the spokesperson said. 

The agency ordered the carriers to review their systems and take immediate
action to ensure files were protected.

“We will continue to work with partners to ensure that they implement security
requirements to safeguard systems and networks from cyberattacks,” the
spokesperson said.

TSA added that CommuteAir notified the government of the breach on January 18
and reiterated that none of the agency’s systems were affected. 

The spokesperson noted that other federal agencies are working alongside TSA to
investigate the issue. 

In its incident report to Maine’s attorney general office, CommuteAir noted that
1,473 people were affected. The airline previously told The Record that employee
information also was leaked in the breach.

A screenshot of the dark web post.

Researchers last week dug up a November dark web post from the Endurance
ransomware group that claimed a database of employee information had been stolen
from the company.

A CommuteAir spokesperson did not respond to questions about the ransomware
attack but said there is “no evidence to support these two events are
connected.”

In their letter to victims of both data breaches, the company said it is working
with Mandiant to modernize their systems and investigate the incidents. They
noted that the breaches were also reported to the Cybersecurity and
Infrastructure Security Agency (CISA).

Rep. Dan Bishop (R-NC) expressed outrage at the leak of the list and said
Congress would launch its own investigation into the incident. 

Bishop and Committee on Homeland Security Chairman Mark Green (R-TN) sent a
letter to TSA Administrator David Pekoske on Thursday demanding answers about
how the hacker was able to access versions of the Federal Terrorist Screening
Dataset, as well as a version of the “no-fly” list. 



Green and Bishop noted that the hacker behind the incident told The Record that
it may have been possible for them to exploit their access to the server in
order to cancel or delay flights, and even switch out crew members.

“If this were to be the case, the national security implications of this are
alarming. As you are keenly aware, the transportation systems sector is one of
16 critical infrastructure sectors in the United States, ensuring the free
movement of people and goods essential to the American economy and way of life,”
they wrote.

“The notion that such a consequential database be left unsecure is a matter
concerning cybersecurity, aviation security, as well as civil rights and
liberties.”

The letter included 10 questions about the breach and demanded answers from TSA
by February 8. 

The White House has organized meetings with aviation industry leaders in recent
months as it seeks to bolster cybersecurity protections in key sectors. Another
congressman has called for federal agencies to investigate cybersecurity
vulnerabilities in all systems underpinning air travel.

A recent report found that there were 62 ransomware attacks on global aviation
stakeholders in 2020 alone, and the value of ransom demands broke records in
2021.

The European Air Traffic Management Computer Emergency Response Team (EATM-CERT)
found the number of reported cyberattacks among airline industry organizations
grew 530% from 2019 to 2020. The organization has tracked dozens of attacks
against airports and airlines over the last six months. 


Tags
 * airline
 * Airport
 * breach
 * CommuteAir
 * no-fly list
 * Transportation Security Administration
 * TSA

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has
worked across the globe as a journalist since 2014. Before moving back to New
York City, he worked for news outlets in South Africa, Jordan and Cambodia. He
previously covered cybersecurity at ZDNet and TechRepublic.


© Copyright 2023 | The Record from Recorded Future News