A primary regional carrier flying on behalf of United Airlines under the United Express brand accidentally leaked a federal list of terrorists banned from flying after IT professionals left the file on an insecure public server.
The no-fly list is maintained by the Terrorist Screening Center and maintained by the FBI, as well as the Department of Justice and several other agencies, including the CIA and the US Department of Homeland Security.
The federal government is restricting any information about this document for fear that terrorists will then be able to get around the bans.
The policy of the US government is to neither confirm nor deny the presence of anyone on the “black list”, although the one who received a boarding pass before departure is not there.
Before 9/11, the federal government had only 16 people on the list, but it quickly expanded after the attack. By 2011, the document contained about 16,000 names; by 2013 this number had risen to 47,000 entries.
According to media reports, a new list found online contains more than 1.5 million names with dates of birth.
The hackers discovered the list while browsing a public server. “The server contained data from the 2019 federal no-fly list, which included first and last names and dates of birth.”
Personal data, including passport numbers, addresses, and phone numbers, of about 900 airline employees were also publicly available on the server. Passenger data is said not to have been compromised.
The Transportation Security Administration (TSA) said in a statement that it is “investigating coordination with federal partners.”