FlightAware Data Breach Exposes Customers' Personal Information Including Social Security Numbers
Flight tracking giant FlightAware recently disclosed a major data breach due to a "configuration error", leading to the exposure of sensitive personal information of its customers, including Social Security numbers. The company, known for being a top aggregator of flight data, discovered the error on July 25 and promptly notified users about the extent of the breach.
The exposed data includes a range of personal details such as names, email addresses, billing and shipping addresses, IP addresses, social media accounts, telephone numbers, year of birth, last four digits of credit card numbers, information about aircraft owned, industry, title, pilot status, and account activity. Additionally, passwords and Social Security numbers were also compromised, as revealed in a separate notice filed with California's attorney general's office.
In response to the breach, FlightAware is requiring all affected users to reset their account passwords. However, it remains unclear whether stored passwords were encrypted or to what extent. The breach itself dates back to January 2021, spanning over three years. While the company attributes the incident to a configuration error rather than a cyberattack, the extent of data access or exfiltration remains unknown.
FlightAware has not disclosed the number of affected customers, and a spokesperson has not provided further comments on the matter. With over 10 million monthly users, the breach has potentially impacted a significant portion of the company's user base.
In conclusion, this data breach highlights the importance of safeguarding personal information online and the potential risks associated with sharing sensitive data with third-party service providers. It serves as a reminder for individuals to regularly update their passwords, monitor their accounts for suspicious activity, and stay informed about data security practices to protect their privacy and financial well-being.