Massive security breach uncovered at New York airport


During a “random web search,” data security expert Chris Vickery made the disturbing discovery that all year long, computer hackers had provided public access to sensitive computer data, including “security clearances, passwords to airport computers, and confidential communications from federal security agencies” at Stewart International Airport.

Vickery said he discovered the data breach when he realized that “more than 700 gigabytes of data had been stored on an unsecured server since April.” In fact, the sensitive information could easily be accessed by anyone. “It’s like somebody painting a big sign outside their house with all their personal information on it and anybody passing by can see it,” he explained.

Located near Newburgh, N.Y., the commercial airport served nearly 300,000 passengers in 2015, according to North Jersey News. Stewart International Airport and Teterboro Airport in North Jersey are both managed by AvPORTS and operated by the Port Authority of New York and New Jersey, which also owns LaGuardia, John F. Kennedy International, and Newark Liberty International airports. However, a Port Authority spokesman said, “The bi-state agency’s computer network is maintained separately from AvPORTS’.”

Related News: TSA Allows Security Breach At JFK Airport

IMG_0168Spokesman Ron Marsico added, “Based on our investigation to date, the Port Authority network has not been compromised and remains sound.” In light of the fact that AvPORTS, which is based in Virginia, manages 16 airports around the country, an investigation is ongoing, he told reporters.

According to Vickery, who works as a lead security researcher for the software security firm MacKeeper, it was possible for anyone to “download hundreds of gigabytes of information including staff payroll files, emails, identities of people with security clearances, logs of lost security ID badges and letters from the Transportation Security Administration warning of security lapses at the airport.”

After realizing the breach, Vickery notified officials. “He said it took seven hours, and calls to AvPORTS, Port Authority police, and Stewart Airport on Friday before the server was secured,” according to the report, which noted a chilling detail: “Since then, Vickery said no one has contacted him asking him what data he is holding or to delete the information.”

Vickery warned that the data breach may be more serious than officials realize, and “hackers could have used the information to issue or edit boarding passes at Stewart.”

First reported by the tech news site ZDNet, it was revealed that they had seen Transportation Security Administration letters of investigation during the past decade in reference to security lapses at Stewart.  “Cases included airport officials’ failure to perform checks of a federal no-fly list and a key to a secure area of the airport which was left on a ticket counter.”


If you would like to receive Breaking News text alerts on a smartphone or tablet, download the DML APP which is completely FREE and easy to use. Go to the Google Play Store or the IOS App Store and search for DML APP. Be sure to keep the app’s notifications setting on. Another way to receive alerts is to text to 40404 the following message: follow @realdennislynch (be sure to put a space between the word follow and the @ symbol).

To see more stories like this, sign up below for Dennis Michael Lynch’s email newsletter.


Comment via Facebook

Send this to a friend