Travel Security Firm International SOS Victimized By Cyber-Attack

[InfoSec News <alerts () infosecnews org>]

http://www.businesstravelnews.com/Worldwide-Travel/Travel-Security-Firm-International-SOS-Victimized-By-Cyber-Attack/

By Amon Cohen
Business Travel News
September 11, 2013

International SOS, which claims to be "the world's largest medical and 
security services company," suffered a cyber-attack on its 
traveler-tracking system. A source told BTN the incident took place Aug. 
28.

"We detected an unauthorized access in the U.S. to one of our systems, 
which hosts traveler information related to one of our information 
technology products," according to a company statement provided to BTN. 
"As soon as we were made aware of the incident, we immediately took steps 
to investigate and mitigate against further incidents, as well as notified 
the appropriate law enforcement authorities. We have proactively 
communicated to a limited group of clients whose travelers' data may have 
potentially been accessed. This incident remains under investigation and 
we are committed to providing further updates to our clients."

International SOS declined to indicate what data was compromised, how many 
clients were affected, whether the compromised data has been used for 
malicious purposes, which remedies have been taken and what lessons were 
learned.

BTN spoke to representatives of three International SOS clients who 
confirmed they had been contacted by the company about the incident.

In its marketing materials, International SOS claims to have "pioneered 
travel tracking technology." Generally, a security company like 
International SOS works on traveler tracking in cooperation with the 
client's travel management company. The TMC usually exports the client's 
passenger name records in their entirety to the traveler-tracking company, 
although payment information likely is masked. Some companies specify that 
only flight information and traveler contact details are transmitted, 
although even this information may be valuable to criminals who want to 
know when a person will not be at home. It also could be of value for 
industrial espionage.

Ironically, International SOS delivers public lectures on cyber-security. 
On Aug. 5, the company's general manager for group infrastructure projects 
Jonathan Bar presented at the Global Business Travel Association 
convention in San Diego. Pre-conference information on the session, titled 
"Cyber Security Risk Management: A Front-Line Approach," read in part: 
"Corporate information assets, intellectual property and employees' 
personal information are at risk every day to malicious attacks and prying 
eyes."

[...]



--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/