CommutAir, a regional carrier operating 50-seat aircraft under the United Express banner on behalf of United Airlines, has confessed to carelessly leaving multiple sensitive data files on an unsecured server, including the FBI’s terrorist “No Fly” list.
FBI’s Terrorist “No Fly” List Obtained By Hackers From Careless United Express Regional Carrier CommutAir
Per the Transportation Security Administration, the No Fly List is a small subset of the U.S. government Terrorist Screening Database (also known as the terrorist watchlist) that contains the identity information of known or suspected terrorists. This database is maintained by the FBI’s Terrorist Screening Center.
Those on the No Fly List are prevented from boarding an aircraft when flying within, to, from, and over the United States.
A Swiss hacker found a text file marked NoFly.csv and says it contains 1.5 million names (though some of the names are aliases). The last reference point we had was a decade ago when a leak revealed the list stood at around 47,000 names.
A CommutAir spokesperson confirmed to the Daily Dot:
“The server contained data from a 2019 version of the federal no-fly list that included first and last names and dates of birth.”
Other employee personnel files were on the server, but no passenger information.
My response is not one of outrage against CommutAir, but outrage against the list itself. Too many people have found themselves on the list that should not be there and the shadowy way the list is maintained and administered strikes me as anathema to the American system of ordered liberty with special safeguards for individual rights.
No foreign citizen is entitled to enter the USA, but the idea that someone can be wrongly added to the list and languish there for years is obscene. And I speak not theoretically but on behalf of a dear friend in Egypt who found himself on the list likely due to his common name and was barred entry to the USA. If the USA is going to maintain such a list, it darn well must do a better job of maintaining it.
CommutAir, which operates on behalf of United Express, has confessed to leaving a 2019 edition of the FBI’s terrorist “No Fly” list on an unsecured server, making it vulnerable to a hacker. While such foolish data management should be condemned, I find the revelation that the list is 1.5 million lines long to be far more concerning.
(image: TSA // H/T: Paddle Your Own Kanoo)