Welp - TSA's no-fly list found on unsecured server, 1.5MM entries exposed

[ElPaso Pilot]

From the gang that can't hit straight, nor audit their partners' data security -- a text file named NoFly.csv was found on an unsecured CommuteAir server.

EXCLUSIVE: U.S. airline accidentally exposes ‘No Fly List’ on unsecured server

One of the most sensitive U.S. government documents was left online.

"The server also held the passport numbers, addresses, and phone numbers of roughly 900 company employees. User credentials to more than 40 Amazon S3 buckets and servers run by CommuteAir were also exposed...

...an expert familiar with the contours of the No Fly List cautioned that a list that size may be the larger Terrorism Screening Database and not the smaller No Fly List. "​

https://www.dailydot.com/debug/no-fly-list-us-tsa-unprotected-server-commuteair/

 

[Zeldman]

Was my name on it.??

 

[Half Fast]

Was my name on it.??

Yep. Looks like what they actually got was just the POA subscriber list.

 

[Bob Noel]

"one of the most sensitive US govt documents"

good grief.

 

[Half Fast]

"one of the most sensitive US govt documents"

good grief.

Yep. That’s how I knew it was the POA subscriber list.

 

[texasclouds]

Was my name on it.??

I deleted it for you. You’re good to fly again

 

[MauleSkinner]

"one of the most sensitive US govt documents"

good grief.

Talk nicely to it…we don’t want to make it cry.

 

[Getonit]

I remember flying 135 about 2005 and we had to check passengers against an excel spreadsheet someone downloaded from somewhere. We could check anybody we wanted I guess. My recollection and understanding might be off though, it was not a sophisticated solution.

 

[Clip4]

Pretty sure Abdallah, Abdellah, Abdollah, Abdullah , Abdulla or Abdalla already know they are on the list.

 

[Albany Tom]

The way to make sure a federal agency doesn't lose sensitive data is to not let the federal agency have sensitive data. This would be more hilarious if the same contractor worked on this as did the last support of the notam system.

 

[GaryM]

While reading it was no doubt interesting, being able to add or delete names from it was probably even more fun!

 

[Pinecone]

"one of the most sensitive US govt documents"

good grief.

Hmm, agreed. The people on it, know they are on it.

But not TSA letting it out.

 

[Doug Reid]

Probably found in a box next to someone's old Corvette...

 

[midwestpa24]

Hmm, agreed. The people on it, know they are on it.

But not TSA letting it out.

Only if they ever have tried to fly. TSA does not tell you if you are on it, and it is quite the legal process to even try to find out. The documents are SSI, but apparently someone at the airline must have saved a copy to their server which is a no no as well.

The list has existed since 2001, and as far as I know this is the first time it was ever publicly leaked. Even then it was a 3 year old copy of it.

 

[MauleSkinner]

Hmm, agreed. The people on it, know they are on it.

IIRC, there was a politician who didn’t know he was on it.