Security researchers have found a security lapse at Stewart International Airport that exposed server backups to the Internet for more than a year. The backups contained sensitive information including one file with a list of usernames and passwords for various devices and systems, allowing full access to the airport’s internal network. The drive was installed by a third-party IT contractor. Michael Patterson, CEO at Plixer commented below.
Michael Patterson, CEO at Plixer:
“After uncovering an exposed backup system, it is often a good idea to review historical traffic patterns headed to the Internet from the server at risk. This allows security teams to determine if any massive downloads took place. Organizations leveraging 3rd party assistance in IT need to make sure that they hold their contractors accountable and that they adhere to internal security practices. Requiring that they have insurance to help cover the loss from security breaches, should be a serious consideration.”