Aviation Security Identity Cards (ASICs) are intended to prevent criminals and terrorists from gaining access to restricted areas in airports, as well as to airplanes, but Australian-based Aviation ID, a company that issues ASICs, has been hacked.
The company, which services regional and rural airports throughout Australia, reportedly received emails alerting it to the possibility that the ASIC application had been stolen. As is now required under Australia’s new privacy act, which went into effect in February 2018, Aviation ID notified hundreds of people who had applied for or renewed their ID cards that their information might have been compromised.
Reported yesterday by Australian Broadcast (ABC), the hack of the third-party supplier isn't necessarily big in number, but it's serious in terms of airport security, as airports are part of Australia’s critical infrastructure.
“A localized portion of our website has been intentionally accessed by an unauthorized entity,” Aviation ID managing director Ian Barker told the ABC.
"Unfortunately, we cannot confirm exactly what information has been accessed; however, personal information that may have been breached includes name, street address, birth certificate number, drivers licence number, Medicare card number and ASIC number," said Barker.
Australian Federal Police (AFP) confirmed that it is investigating the hack and declined to comment on any details. Commentators have speculated about the motives of such an attack. “The attackers may have accessed the database for the cards that are created and used to authenticate authorized personnel on the airport grounds,” said Pravin Kothari, founder and CEO of CipherCloud.
“Did the cyber-attackers also steal the graphics files and images necessary to reproduce and clone these ID cards?" Kothari continued. "Beyond the security risks, the data to produce the ID cards seems to have included names of the airport personnel, addresses, birth certificate numbers, driver's license numbers, Medicare card numbers and more. This comprehensive data could enable ID theft and even worse, financial fraud.”