
'No Fly List' Leak Highlights the Importance of Hardened Cloud Security

A hacker known as "maia arson crimew" has found an unsecured cloud server belonging to US regional airline CommuteAir. The server contained data from a 2019 version of the federal no-fly list that included first and last names and dates of birth, along with some employee and flight information. The server has been taken offline and CommuteAir has submitted notification to the Cybersecurity and Infrastructure Security Agency and is continuing with a full investigation.


Ed Williams, Trustwave SpiderLabs Director, EMEA, explained how this incident highlights the potential security gaps in cloud architecture for organizations that aren't familiar with cloud complexity:

“This news supports the misnomer that exists around security and the cloud. Cloud security is not easy and not down to one or two individuals. Rather, building secure cloud infrastructure is a highly complex, shared responsibility model requiring rigorous understanding of a plethora of attack vectors.

And, whilst in this instance a robust pen testing program would have identified the issues in build quality and looked to add defense in depth - reinforcing how important it is to never overlook the importance of security ‘basics’ - the primary question this leak raises is whether sensitive data should ever be stored in clear text in today’s age of relentless cyber threats.”

