[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security error leaves 760 gigs on NY airport servers unprotected for a year



Security error leaves NY airport servers unprotected for a year

The backup storage drive hadn't been password-protected since April.

The 760 GB of exposed data included TSA letters of investigation, social
security numbers, internal airport schematics and emails, according to
Chris Vickery, lead researcher from MacKeeper Security Center. He'd
discovered the lapse, noting that the backup drive "was, in essence,
acting as a public web server." If someone had found their way in, they
could access a particular file with usernames and passwords for various
devices and systems, which security experts confirmed to ZDNet would
open up every component of the airport's internal network to a malicious
user.

Apparently, the Port Authority of New York and New Jersey contracts out
management of Stewart Airport to a private company called AvPORTS, which
uses a single IT professional to set up and maintain its networks.
Obviously, having one person show up twice a month per location to make
sure each IT setup is watertight presents opportunities for lapses that
go unnoticed. A Port Authority spokesperson noted that an investigation
was ongoing, but that no information was believed to have been
compromised during the near year-long exposure.

https://www.engadget.com/2017/02/24/security-error-leaves-ny-airport-servers-unprotected-for-a-year/

https://mackeeper.com/blog/post/334-extensive-breach-at-intl-airport