Summary:
Global Crossing Airlines Group, or GlobalX, confirmed to the U.S. Securities and Exchange Commission (SEC) that it was targeted in a cyberattack on May 5. The airline, which conducts deportation flights for U.S. Immigration and Customs Enforcement (ICE), reported that hackers breached some of its business systems.

While the airline maintained most information under wraps, a self-described hacker who called media outlets at 404 Media claimed that they had breached flight records and deportation manifests. The hacker said that they even defaced the website of GlobalX prior to publishing the data.

The information was then confirmed to be identical to real ICE deportation flights. Despite the breach, GlobalX revealed that none of its operations were affected and that the company does not expect the attack to hit its bottom line. The airline collects approximately $65 million annually in revenue from contracts with ICE. The FBI and DHS have been silent on the attack, and it isn't known what specific information was taken and how the attackers gained access.

Security Officer Comments:
This hack shows how even smaller companies that do work for the government can be high targets for hackers. Just because nothing was shut down doesn't make it a big deal, the hackers still accessed private details on flights that were supposed to be confidential. Since the company does work with ICE and deportation content, it only makes it worse. The hacker also stated they were a member of "Anonymous," which is kind of a group that hacks for causes they believe in. So it might be a message they are trying to convey here, and not just steal info. It's a lesson that companies should secure their systems better when they're dealing with sensitive stuff.

Suggested Corrections:
Check your important systems often, especially if you work with the government or have private info that could get targeted. Keep the really sensitive stuff separated from anything regular people can access online. Set up tools that watch for weird changes on your websites or files, so you know if someone messes with them. If you hire other companies to help with big jobs, like flying deportation flights, make sure they’re being careful too. Also, have a plan in case you get hacked, so you know who to call and what to do. And finally, lock down private info so only the people who really need to see it can.

Link(s):
https://therecord.media/airline-carrying-out-deportation-flights-confirms-cyberattack-sec