A Republican congressman serving on the House Homeland Security Committee stated that Congress “will be coming for answers” following the revelation that the Transportation Security Administration’s (TSA) no-fly list, which includes known or suspected terrorists, was accessible on an unsecured computer server.
“The entire US no-fly list – with 1.5 million+ entries – was found on an unsecured server by a Swiss hacker,” Bishop tweeted. “Besides the fact that the list is a civil liberties nightmare, how was this info so easily accessible?”
The North Carolina representative, who is a member of the House Homeland Security Committee, suggested that Congress will investigate the data exposure disclosed on Friday.
“We’ll be coming for answers,” Bishop declared, potentially making this breach the latest in a series of inquiries House Republicans have promised now that they hold control of the lower chamber.
Earlier, the TSA informed that it is “aware of a potential cybersecurity incident, and we are investigating in coordination with our federal partners.”
The exposed data was found on a public internet server hosted by CommuteAir, a regional airline based in Ohio, according to the hacker who discovered it.
The hacker, who also identifies as a cybersecurity researcher, had earlier informed that she had notified CommuteAir about the data exposure.
CommuteAir stated that the data accessed by the hacker was “an outdated 2019 version of the federal no-fly list” containing names and birthdates.
The no-fly list comprises individuals identified as known or suspected terrorists who are prohibited from flying to or within the United States.
The screening program, which originated from the September 11, 2001, terrorist attacks, requires airlines to compare their passenger records with federal data to prevent dangerous individuals from boarding flights.
It was previously reported that CommuteAir, which operates 50-seat regional flights exclusively for United Airlines from hubs in Washington Dulles, Houston, and Denver, took the affected computer server offline after being contacted by a “member of the security research community.”
