Regional airline company Champlain Enterprises, specifically its subsidiary CommuteAir, recently suffered a data breach, where a Swiss hacker gained access to the federal Terrorist Screening Database and “no-fly” list. This is after Champlain Enterprises received more than $73 million in financial assistance from the U.S. Treasury.
The sensitive data was held on an unsecured server in an unencrypted Excel sheet, making it easy for the hacker to gain access to the 1.5 million names — including aliases — that the U.S. government has put on a “no-fly list” due to suspicion or concern over terrorism, according to Fox Business. The breach also revealed company data, including private information on almost 1,000 CommuteAir employees.
CommuteAir contracts with major airlines like United to help them cover shorter regional routes. Over the course of the pandemic, its parent company received more than $73 million in assistance from the federal government as part of its Payroll Support Program, which was meant to help airlines keep its workers on the payroll, and was distributed over three rounds in 2020 and 2021.
Despite $73 million in federal assistance, the airline company was unable to keep its sensitive data secure or encrypted. Companies that take federal money and are trusted with sensitive public data like no-fly lists should at least be able to ensure that data is secure.
The #WasteOfTheDay is brought to you by the forensic auditors at OpenTheBooks.com