A Republican congressman who serves on the House Homeland Security Committee said Congress “will be coming for answers” after a hacker revealed the Transportation Security Administration’s no-fly list of known or suspected terrorists was accessible on an unsecured computer server.
“The entire US no-fly list – with 1.5 million+ entries – was found on an unsecured server by a Swiss hacker,” Bishop said in a tweet. “Besides the fact that the list is a civil liberties nightmare, how was this info so easily accessible?”
The North Carolina lawmaker, who sits on the House Homeland Security Committee, indicated Congress will investigate the data exposure revealed on Friday.
“We’ll be coming for answers,” Bishop claimed, possibly making the breach the latest in a long list of inquiries House Republicans have pledged to launch now that they have control of the lower chamber.
CNN has contacted the committee for comment.
In an earlier statement to CNN, the TSA said Friday it is “aware of a potential cybersecurity incident, and we are investigating in coordination with our federal partners.”
The data was sitting on the public internet in an unsecured computer server hosted by CommuteAir, a regional airline based in Ohio, according to the hacker claiming the discovery, CNN previously reported.
The hacker, who also describes herself as a cybersecurity researcher, previously told CNN she notified CommuteAir of the data exposure.
The regional airline said in a statement that the data accessed by the hacker was “an outdated 2019 version of the federal no-fly list” that included names and birthdates.
The no-fly list is a set of known, or suspected, terrorists, who are barred from flying to or in the US. The screening program grew out of the September 11, 2001, terrorist attacks and involves airlines comparing their passenger records with federal data to keep dangerous people off planes.
CNN previously reported that CommuteAir, which exclusively operates 50-seat regional flights for United Airlines from Washington Dulles, Houston and Denver hubs, said it took the affected computer server offline after a “member of the security research community” had contacted the airline.
The Daily Dot, a tech news outlet, first reported on the supposed data breach.