A Republican congressman who sits on the House Homeland Security Committee says Congress will “come looking for answers” after a hacker revealed the Transportation Security Administration’s no-fly list of known or suspected terrorists was accessible on an unsecured computer server.
“The entire US no-fly list – with over 1.5 million entries – was found on an unsecured server by a Swiss hacker,” Bishop said in a statement. Tweeter. “Besides the list being a civil liberties nightmare, how was this information so easily accessible?”
The North Carolina lawmaker, who sits on the House Homeland Security Committee, said Congress would investigate the data exposure revealed on Friday.
“We’ll come looking for answers,” Bishop said, making the breach perhaps the latest in a long line of investigations House Republicans have pledged to launch now that they have control of the chamber. low.
CNN has reached out to the committee for comment.
In an earlier statement to CNN, the TSA said Friday it was “aware of a potential cybersecurity incident, and we are investigating in coordination with our federal partners.”
The data was on the public internet in an unsecured computer server hosted by CommuteAir, an Ohio-based regional airline, according to the hacker claiming the discovery, CNN previously reported.
The hacker, who also describes herself as a cybersecurity researcher, previously told CNN that she notified CommuteAir of the data exposure.
The regional airline said in a statement that the data accessed by the hacker was “an outdated 2019 version of the Federal No-Fly List” which included names and dates of birth.
The no-fly list is a collection of known or suspected terrorists who are prohibited from flying to or within the United States. The screening program grew out of the September 11, 2001, terrorist attacks and involves airlines matching their passenger records with federal data to prevent dangerous people from flying.
CNN previously reported that CommuteAir, which exclusively operates 50-seat regional flights for United Airlines from hubs in Washington Dulles, Houston and Denver, said it took the affected computer server offline after a “community member of security research” contacted the airline.
The Daily Dot, a tech news outlet, first reported on the alleged data breach.