The collection of personal information has become an almost invisible part of doing business—while we may not think about it much, every organization we do business with collects information about us. In the transport industry, it’s no different. Consider this: airlines may know more about somebody who flies once a year than the local grocery store does that they visit once a week. That’s because in addition to your credit card number, airlines collect have your name, address, email address, and trip details.
This article explores large data losses in the transport industry. We’ll cover recent security breaches that affected Japan Airlines, New York Taxis, and rail authority NMBS and how they affect customers.
700,000 Customers Affected by NMBS Security Breach
In January of 2013, the National Railway Company of Belgium (NMBS) received over 2,000 complaints from customers about a security leak. The investigation revealed that NMBS left the personal details of thousands of customers accessible to anyone on the Internet.
The Privacy Commission investigating the incident determined that the breach affected over 700,000 customers. Names, addresses, and email addressed were exposed on an unsecured server.
How did this happen? According to NMBS, the culprit is an employee who accidentally pushed the wrong button. The story sounds plausible, but at the same time it’s a little unbelievable, too. Unfortunately, learning that data was leaked unintentionally won’t make the customers who were affected feel any better about the situation.
Poorly Anonymized Records Reveal 173 Million Taxi Rides
In 2014, New York City officials released the data of over more than 173 million taxi rides. In response to a public records request, information about every taxi driver’s comings and goings in New York City was made available to the public.
In the city officials’ defense, driver’s license and taxi medallion numbers were hashed using the MD5 algorithm. But as they learned quickly, simple hash functions are an ineffective way of keeping data secure. It took the hacker less than two hours to de-anonymize the entire 20 GB data file.
Compared to displaying personally identifiable information such as names, birth dates, and Social Security numbers, this particular data loss may seem trivial. However, the implications are greater than you think. Not only is it possible to stalk celebrities or anyone else by finding out where they went in NYC, but you can also detect weekly patterns for cab users.
And if that’s not enough, anyone can figure out who the recurring customers for NYC’s local Gentlemen’s clubs are just by following the routes each taxi takes during early morning hours. That’s great news for detectives assisting divorcees. However, in the grand scheme of things, it represents a huge lack of privacy for a lot of people, all because they took a cab to get to their final destination.
750,000 Customers Exposed by Japan Airlines Security Breach
In September 2013, Japan Airlines announced that it became the latest victim of hackers. Initially, the company identified the possible theft of information of about 750,000 customers in their frequent-flier program.
Investigations found that 23 computers had malware installed that sent data to a server located in Hong Kong. The information that was accessed included names, birth dates, genders, home addresses, work addresses, job titles, fax numbers, email addresses, frequent flyer membership numbers, and enrollment dates.
The breach occurred over several days, and according to investigators, about 21,000 pieces of data were sent to a malicious server.
In the official statement from Japan Airlines in January of 2014, the company reports that information from 4,131 customers was stolen. While that’s still a significant security breach, that number doesn’t come close to the worst-case scenario of 750,000 members.
Hopefully, Japan Airlines is right. In either case, it doesn’t look like the hackers got a hold of credit card numbers or frequent flyer PIN numbers during this security breach.
All Companies Must Take Cyber Security Seriously
Every organization dealing with customer data must take cyber security seriously. The New York City officials who released the routes of taxi drives in their city can’t do anything to undo the harm that has been done. However, future precautions must be taken before releasing information.
The transportation industry has access to a lot of information about its customers. They know where we’re going and record data that can map our schedules and habits. In order to maintain customers’ privacy, it’s important for these companies to store the information they collect securely.
eFileCabinet Keeps Your Documents Safe
With eFileCabinet, you don’t have to worry about data loss. We encrypt every file that you store with us, and we also provide backup storage for your convenience. In addition to keeping your files secure, we help you limit how much information you share with employees or third parties. By using role-based user permissions, you can prevent unauthorized access so you don’t have to worry about hackers. Your information is safe with us.