United Airlines, the world’s second-largest airline by seat capacity, was the target of a group of Chinese hackers who were behind one of the largest breaches of government data in U.S. history.
The airline detected an attack on its computer systems in May or early June, several people familiar with the probe told Bloomberg. Among the data stolen from United are manifests that contain information on flights’ passengers and their movements across the world, added Bloomberg.
If it proves accurate, the amount of data amassed by the same group of hackers is staggering, and the potential for cross-referencing across different databases is endless. The hack in July on the U.S. Office of Personnel Management compromised the sensitive information of 21.5 million people, including social security numbers for current and former federal workers, contractors, friends, and families. The theft of airline information could be used to cross-check travel patterns for government and military officials, providing more clarity on the dealings of top American government staff members. The China-backed team of hackers are said to have hit at least 10 companies and organizations, according to security firm FireEye.
“You’re suspicious of some guy; you happen to notice that he flew to Papua New Guinea on June 23 and now you can see that the Americans have flown there on June 22 or 23,” James Lewis, a senior fellow in cybersecurity at the Center for Strategic and International Studies in Washington, told Bloomberg. “If you’re China, you’re looking for those things that will give you a better picture of what the other side is up to.”
This comes after news that United (UAL) had awarded two hackers one million free frequent flyer miles each as “bug bounties” for helping to flag security flaws in their system.