This week, San Francisco International Airport (SFO) has disclosed a data breach after two of its websites, SFOConnect.com and SFOConstruction.com, were hacked during March 2020, as reported by Forbes.
In terms of the scope of the attack, the attackers could have gained access to the login credentials of users registered on the two breached sites. All of those impacted are now being contacted.
Commenting on the data breach for Digital Journal is James Carder, Chief Security Officer & Vice President, LogRhythm.
According to Carder, this latest data breach continues to show just how vulnerable many companies are, despite the recent cases. Carder says: “The San Francisco International Airport (SFO) data breach is yet another example of the importance of IT and security hygiene. While the initial access or exploit point leveraged by the attacker to steal credentials and upload malicious code hasn’t been disclosed, one can assume that the attacker leveraged a known vulnerability in these websites specifically.”
In terms of how the data breach happened, Carder assesses: “It is likely that the SFO’s websites were not specifically targeted and that the attacker stumbled upon vulnerable web servers they could exploit. Connected to these websites are a number of links and connections to sites for employees to information.” In other words, loose security protocols created an opportunity for the attack to happen.
While facts are still emerging about the data loss, Carder is able to assess the impact: “There are still many unknowns around this incident such as how long the malicious code had been present on these compromised sites, the capabilities associated with the malicious code, or full details of the potential data exposed during that time, outside of usernames and passwords.”
In terms of lessons to be learned, Carder surmises: “Ultimately, more enhanced security measures may have allowed the San Francisco International Airport to avoid this breach.”