A Swiss hacker stumbled across an unprotected server maintained by a U.S. national airline that included the private information of “hundreds of thousands” of people registered on the American government’s federal “No Fly List” and terrorism database, according to the Daily Dot. The identities of nearly 1,000 employees with the airline, CommuteAir, were also compromised, the outlet reported. The hacker, maia arson crimew, told the Daily Dot that the exposed infrastructure could have allowed a bad actor to “completely own” the airline. The server was taken offline prior to publication, after the Daily Dot flagged it to CommuteAir, which told the outlet in a statement that the server was used for testing and development purposes. In its own statement, the TSA said that it was “aware of a potential cybersecurity incident with CommuteAir, and we are investigating in coordination with our federal partners.”
