The Transportation Security Administration has issued a security directive to all U.S. airports and air carriers warning them about the need for more stringent cybersecurity protections following last week’s revelation that the federal “no-fly” list had been leaked.
Outrage has grown since a Swiss national published a blog post earlier this month explaining that a copy of the “no-fly” list from 2019 was left exposed on an unsecured server, alongside other sensitive data from CommuteAir, a regional airline under United Airlines.
A TSA spokesperson told The Record that the agency is still investigating the incident but has reached out to all domestic airlines to warn them about the prospect of further breaches.
The security directive, issued Friday, “reinforces existing requirements on handling sensitive security information and personally identifiable information,” the spokesperson said.
The agency ordered the carriers to review their systems and take immediate action to ensure files were protected.