Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Security & Business ResilienceCybersecurity NewsPorts: Sea, Land, & Air

Airline Industry Braces for Breach Impact

By Setu Kulkarni
cyber-air
January 3, 2019

When most people think of commercial aviation and security, they likely conjure up images of long lines of people shuffling along with their shoes off, plastic bins in hand. But lately a different kind of security has been making headlines when it comes to airlines.

In October 2018, Cathay Pacific announced that up to 9.4 million passengers had their data stolen as a result of a data breach that occurred in March. According to the airline, passport information, including names, card numbers, and dates of birth may all have been compromised, as well as details about where each passenger had travelled. The airline says there is no evidence personal information was misused.

The Cathay Pacific incident is only the latest example of a high-profile data breach affecting a major airline this year.

In August, Air Canada said it had “detected unusual log-in behavior” on its mobile app. Days later, it confirmed a data breach that it said could affect 1 percent of its app users – about 20,000 people. In an email to customers, the airline disclosed that hackers may have accessed everything from basic profile data – names, emails and phone numbers – to more sensitive data such as passport numbers and dates of birth. Some credit card information was also accessed, though the airline said none of the data was actually at risk.

That was followed in September by British Airways revealing that a data breach impacted some 380,000 booking transactions. Sensitive financial information, including credit card numbers, expiration dates and CVV codes, were all compromised, as well as passenger names, addresses, and email addresses, according to the airline. Threat detection firm RiskIQ has linked a criminal hacking gang known as Magecart to the intrusion.

And earlier this year, Delta Airlines admitted that customer data was stolen after a security lapse at one of its third-party customer support service vendors.

So why are airlines suddenly finding themselves prime targets for hackers?

There is no short answer here, but it is clear that while airlines have become increasingly dependent on technology for both internal processes and customer-facing applications, they have been slow to embrace the level of security needed to protect those systems. For example, in recent years, airlines have encouraged travelers to use mobile apps for things like tracking flights and accessing digital boarding passes. But as an unintended consequence, this convenience has introduced new cyber risks that airlines never had to worry about before. In addition, airlines have increased their dependency on third-party software and various B2B software services to deliver rapid value to their customers. Not knowing the overall “security posture” of their software supply chain has turned out to be very costly for the airlines and their customers.

However, the problem isn’t limited only to mobile apps. According to the yearly “State of Application Security” research conducted by WhiteHat Security, more than one-third of all applications in the transportation industry are always vulnerable.

To lessen the risk of further data breaches occurring, the aviation industry as a whole must change the way it approaches security. Instead of thinking about “what we need to secure,” airlines should focus on “who we need to secure.” In other words, airlines need to model their security endeavors around the hundreds of thousands of customers who trust them to protect the private information they are required to share in order to fly.

Furthermore, every single company that touches sensitive data – not just the airlines themselves – needs to make security a consistent, top-of-mind concern and view the entire IT estate as a vulnerable asset that needs to be secured. This means protecting all potential points of entry, including APIs, network connections, mobile apps, websites and databases.

Most importantly, to avoid hacks and the negative business impact of shutting down millions of users to stop them, it is imperative for airlines and other travel industry companies to take a proactive approach to application security. This means testing all software assets – whether web, mobile or APIs – throughout their development lifecycle. Providing adequate and appropriate training and education and fostering meaningful collaboration between Development and Security teams is also important as it helps them better understand and prioritize how to mitigate risk.

It’s not a stretch to say that comprehensive security testing and training along with continuous assessment of production assets could make such massive breaches a thing of the past.

Of course, there are also things the traveling public can do to protect themselves when a data breach occurs. The first thing travelers should do is immediately change their password on the affected airline’s app and ensure they are not using the same password for other sites and apps. At the very least, consumers should use a variety of passwords to minimize the impact. Turning on two-factor authentication for any app that supports it is also a good idea.

That said, the onus is on the aviation industry to address this problem, and these recent data breaches should serve as a wake-up call. For all intents and purposes, today’s airlines are tech companies, and they need to implement security as such.

While airlines deserve credit for employing cutting-edge technology in creative ways to increase convenience for travelers, they must also take accountability for “digital safety” of their customers as seriously as they take aviation safety.

KEYWORDS: airport security cyberattack data breach security risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Setu Kulkarni is vice president, corporate strategy, for WhiteHat Security. He is responsible for WhiteHat’s business strategy & development activities spanning M&A, new business partnerships and technology alliances.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Enterprise Services
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

Laptop with coding on ground

Stepping Into the Light: Why CISOs Are Replacing Black-Box Security With Open-Source XDR

Gift cards and credit cards

Why Are Cyberattacks Targeting Retail? Experts Share Their Thoughts

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

From animal habitats to bustling crowds of visitors, a zoo is a one-of-a-kind environment for deploying modern security technologies.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • data-enews

    How a Security Breach Can Impact the Value of Your Brand

    See More
  • green and red network data

    The impact of a data breach

    See More
  • data breach

    New survey examines the impact of SolarWinds breach on cybersecurity

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing