Airport security card company reveals data hack as AFP investigates
A company that provides airport security passes has had its data breached. (AAP: Mal Fairclough)
[A company that issues Aviation Security Identity Cards (ASICs) — designed to stop organised criminals and terrorists from accessing planes and other restricted airport zones — has been hacked, leading to concerns that Australian airport security may have been compromised as a result.
Hundreds of people applying for, or renewing, ASICs through NSW-based company Aviation ID Australia received emails on Wednesday telling them their ASIC application information may have been stolen, the ABC has learned.
Aviation ID Australia services regional and rural airports around the country.
“Aviation ID Australia … advise that a localised portion of our website has been intentionally accessed by an unauthorised entity,” managing director Ian Barker said.
“Unfortunately, we cannot confirm exactly what information has been accessed, however personal information that may have been breached includes name, street address, birth certificate number, drivers licence number, Medicare card number and ASIC number.”
‘I’m in limbo’
Australia’s airports and the people who work at them are considered some of the most sensitive elements of Australia’s national security infrastructure.
Around the world, airports have been targeted by terrorists for attacks and used by organised criminals to smuggle illicit drugs and black cash.
Former 747 pilot Nevan Pavlinovich received the email on Wednesday.
“So far we know nothing. I’m in limbo,” Mr Pavlinovich said.
“They say you’ve got to go change your passcodes, well that doesn’t really affect whether these people can now make IDs and get access onto the airport [and] I’ve given over a lot of very sensitive information and they could use that information against me.
“The kind of information the hackers may have obtained is far more significant that just names and dates of birth.
“You’ve got to give enough to get a security clearance because of the seriousness of having access, particularly as a pilot, to the areas of the airport that I can go onto.”
Federal Police investigating breach
“The AFP can confirm it is investigating a potential breach of the Aviation ID Australia website,” an AFP spokeswoman told the ABC.
“While the investigation remains ongoing, it is not appropriate to provide further details.”
The Civil Aviation Safety Authority, which oversees the ASIC system, has also been informed.
This is not the first time Australia’s aviation security system has come under scrutiny, with revelations in the past that people have been granted ASICs despite having criminal records or a history of association with radical Islamic groups such as Al Qaeda.
A federal report released last year revealed approximately 20 per cent of airport staff with access to planes have criminal convictions, including for drug trafficking.
Since February, federal legislation has required large companies to notify clients and the government when they are the subject of a data breach.
The theft of personal data is becoming an increasingly public issue; last year saw a series of high-profile breaches, including the hack of credit agency Equifax, which may have exposed nearly half the United States population to the risk of identity fraud.