Time for a new lock
Amongst the many topics that came up repeatedly over the course of last month was the issue of security. As I’m sure many of you are aware, Cathay Pacific reported a massive data breach back on the 25 October, which affected more than 9.4 million passenger accounts. This marked the third (and biggest) data breach by a major airline within the last four months.
The topic of security also came up during my recent interview with Inmarsat’s CEO, Rupert Pearce, who highlighted his company’s efforts in keeping their connectivity solutions secure (Pg. 20). Plus, I was doing working the beat at the recent GITEX Technology Week for the GITEX Times, and as a result, got to see the latest developments in the threat landscape.
Going back to the Cathay Pacific hack, what struck me as incredible about the whole affair was that the critical data leaked included passport details and certain details of credit cards. I know that airlines tend to keep some of this data on record for their loyalty customers, but I’m beginning to wonder if the value outweighs the risks of that data being there.
I’m undoubtedly simplifying a complex issue but given that the aviation industry has experienced quite a number of security breaches as of late, perhaps not enough is being done to protect the data of passengers.
Throw in the fact that with inflight connectivity becoming a popular service on most major airlines, it simply adds even more vulnerabilities to the attack surface.
Once people start connecting more frequently in the air and accessing various aspects of their digital lives, the more their vulnerabilities are exposed in the event of a breach.
Getting access to an active credit is not the end of the world. That can just be cancelled. Getting access to a passenger’s credit card, passport details, and Facebook account, however, can lead to more nefarious uses of that data and that will change lives.