Hacker leaks TSA’s ‘no fly’ list from unsecured airline server

The badge and TSA logo patch are seen on the uniform of a Transportation Security Administration employee. (G3 Box News Photo/Jeff Roberson)

Hacker leaks TSA’s ‘no fly’ list from unsecured airline server

Jenny Goldsberry

January 22, 12:48 AM January 22, 12:48 AM

Video Embed

A hacker leaked the TSA ‘no fly’ list and its Terrorist Screening Database to various outlets.

The hacker, a Swiss 23 year old that goes by the name “maia arson crimew” online announced in a blog post that she was able to access over 1.5 million rows of data which included the personal information of those not allowed to fly by TSA. This comes as a result of airline CommuteAir hosting the data on an unsecured Amazon Web Services cloud server.

CommuteAir’s corporate communications manager Eric Kane confirmed the legitimacy of the leak to Fox Business but also attempted to play down its urgency.


“The researcher accessed files, including an outdated 2019 version of the federal no-fly list that included first and last name and date of birth,” Kane said of crimew. “Additionally, through information found on the server, the researcher discovered access to a database containing personal identifiable information of CommuteAir employees.”

Crimew promised on her blog to make the list available to journalists and human rights organizations. Already it has been reported that Russian arms dealer Viktor Bout, who was a part of a prisoner exchange with WNBA player Brittney Griner, was on the list with 16 other known aliases from 2019. A number of protesters from the Unite the Right rally in Charlottesville, Virginia in 2017 were also reportedly on the list.

“TSA is aware of a potential cybersecurity incident, and we are investigating in coordination with our federal partners,” a TSA spokesperson confirmed to The Washington Examiner.

G3 Box News

CommuteAir operates 1,600 weekly flights to over 75 U.S. destinations and three in Mexico.

window.DY = window.DY || { }; DY.recommendationContext = { type: “POST”, data: [‘00000185-d705-df90-af97-df7f77310000’] };
© 2023 Washington Examiner

Related Articles

Leave a Reply

Back to top button