BreachExchange mailing list archives
FAA registry of pilots' data at risk of data breach
From: security curmudgeon <jericho () attrition org>
Date: Mon, 8 Jul 2013 00:33:13 -0500 (CDT)
---------- Forwarded message ---------- From: InfoSec News <alerts () infosecnews org> http://www.fiercegovernmentit.com/story/faa-registry-pilots-data-risk-data-breach/2013-07-03 By David Perera FierceGovernmentIT July 3, 2013 Personally identifiable information kept within the Federal Aviation Administration's Civil Aviation Registry is at risk for breach, says the Transportation Department office of inspector general. For a June 27 report (.pdf), auditors examined the registry's system configuration and account management, finding that they don't adequately protect pilots' information, which includes particularly sensitive elements such as their Social Security numbers and medical information. The registry isn't encrypted, and doesn't require multifactor authentication for registry users to log on to the system. FAA officials told auditors that they use digital signatures to authenticate users, but auditors say they found that not to be the case. There are more than 38,000 registry users who aren't FAA employees, but the agency "only sporadically validates" user accounts and doesn't routinely monitor who's accessing sensitive registry data. The agency doesn't have in place agreements with third parties that receive registry information to ensure they, in turn, safeguard the personally identifiable information, auditors say. [...] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges.
Current thread:
- FAA registry of pilots' data at risk of data breach security curmudgeon (Jul 09)