Security error leaves NY airport servers unprotected for a year

Security error leaves NY airport servers unprotected for a year
The backup storage drive hadn’t been password-protected since April.
By David Lumb
Feb 25 2017

The 760 GB of exposed data included TSA letters of investigation, social security numbers, internal airport schematics and emails, according to Chris Vickery, lead researcher from MacKeeper Security Center. He’d discovered the lapse, noting that the backup drive “was, in essence, acting as a public web server.” If someone had found their way in, they could access a particular file with usernames and passwords for various devices and systems, which security experts confirmed to ZDNet would open up every component of the airport’s internal network to a malicious user.

Apparently, the Port Authority of New York and New Jersey contracts out management of Stewart Airport to a private company called AvPORTS, which uses a single IT professional to set up and maintain its networks. Obviously, having one person show up twice a month per location to make sure each IT setup is watertight presents opportunities for lapses that go unnoticed. A Port Authority spokesperson noted that an investigation was ongoing, but that no information was believed to have been compromised during the near year-long exposure.


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s