Infosecurity Magazine — United Airlines Hacked Again—by China?

Posted on Jul 29, 2015 in Quoted by Press |


United Airlines Hacked

United Airlines Hacked Again—by China?

In an article for Infosecurity Magazine, news reporter Tara Seals explains how the same Chinese hacking team may be responsible for a series of data breaches at United Airlines and the U.S. government’s Office of Personnel Management (OPM). Protegrity CEO Suni Munshani weighs in on the controversy.


 

The Chinese hacking team behind the strike on the US government’s Office of Personnel Management is believed to be responsible for a fresh hack of United Airlines.

According to reports, a breach in the May/June timeframe resulted in hackers gaining access to “data on the movements of millions of Americans,” passengers’ personal information, and, possibly, United’s forward-looking mergers and acquisitions strategy.

Sources said that the state-sponsored hacking team believed to be responsible is also behind two OPM breaches, compromising the details of roughly 26 million federal staffers, and Anthem. In terms of the latter, it emerged back in February that hackers successfully stole information on 78.8 million current and former customers and employees at the health insurance giant.

The US Department of Defense (DoD) has claimed that China is developing a vast database of information about US citizens, which would be used to craft crippling attack strategies.

. . .

In this case, data about geographic movements of individuals has been added to the enemy’s overall holistic view of American demographics.

“The location-based and personal information of citizens is a vital asset to our safety and should not be allowed to get in the hands of a foreign government,” Suni Munshani, CEO of Protegrity, said in an emailed comment. “With this breach, the target is getting more personal, and the information is a treasure trove of PII that is extremely valuable and harmful in the wrong hands.”

This breach, if proven, would be the second high-profile breach that the airline has faced, despite the airline instigating a bug bounty. In light of the national security aspect of the attack, some are calling for United to be transparent as to the attack vector, in order to raise all boats—or planes, as it were.

The full article can be found here.