It's been a bumpy ride for the aviation industry lately, as airlines and airports are more frequently being targeted by hackers and cybercriminals.
In what’s being called "the world’s biggest airline data breach", Cathay Pacific announced earlier today that the private information of 9.4 million customers had been compromised.
According to the carrier, suspicious activity was first discovered on its network back in March, and was eventually confirmed in May.
In a statement released on Cathay Pacific's official website, CEO Rupert Hogg apologized to passengers, adding:
"We are in the process of contacting affected passengers, using multiple communication channels, and providing them with information on steps they can take to protect themselves.”
This Is Your Captain Speaking
The Cathay Pacific data breach is only the latest in a series of recent cyberattacks targeting major airlines; and it certainly won’t be the last.
Back in September, British Airways revealed that a major hack had affected the personal data of 380,000 customers.
Prior to that, in August, Air Canada notified 20,000 potentially-affected customers of a data breach targeted towards its mobile app.
April saw Delta Airlines confirming that "a small subset” of its customers may have been affected by the breach of 7.ai, a third-party chat service used by the airline and other companies such as Best Buy and Sears, which were also affected.
And in July of 2017, Alaska Airlines announced that the computer systems of Virgin America, which it had acquired a year earlier, had been hacked, compromising the login information of 3,100 of its employees.
It’s not just airlines that hackers have on their radar.
In addition to the British Airways data breach, September also saw Bristol Airport fall victim to a ransomware attack, which affected its information screens and forced airport personnel to resort to using whiteboards and markers to communicate flight details to passengers. Low-tech, but effective.
Ok, But Why?
So why exactly are hackers so intent on attacking airlines?
Well, think about it: we all go on business trips, we all go on vacations, and most of us do so by plane, booking our flights online with credit cards. And when it comes to international travel, confirming your identity is kind of a big deal.
All in all, this makes airlines a treasure trove of private personal data like names, nationalities, dates of birth, telephone numbers, emails, physical addresses, passport numbers, and of course, credit card details.
As for the Bristol Airport ransomware attack, consider this: the more pressure an organization feels to regain control of its systems, the more likely they are to pay up to make everything go back to normal.
What better place to target with such an attack than a busy airport that sees thousands of passengers around the clock? Passengers who need immediate access to all kinds of booking and flight data. It's a recipe for disaster.
As long as we continue to entrust airlines with our sensitive data, hackers will continue to go after them for it. That’s why it’s crucial for the aviation industry to step up its cybersecurity game, and make sure everyone can fly safe and secure.