Hackers spark airport security scare
HACKERS have sparked an airport security scare after a company that issues Aviation Security Identity Cards reported that hundreds of its clients may have had their data stolen.
Australian Federal Police are now investigating the cyber attack on Aviation ID Australia, the ABC reports.
There are concerns airport security may have been compromised given the ID cards are designed to stop criminals or terrorists from accessing planes and other restricted airport zones.
Aviation ID Australia reportedly informed hundreds of people applying for or renewing their ID cards yesterday that their application information may have been stolen.
Managing director Ian Barker wrote to clients to inform them a "localised portion" of the company's website had been "intentionally accessed by an unauthorised entity".
"Unfortunately, we cannot confirm exactly what information has been accessed, however personal information that may have been breached includes name, street address, birth certificate number, drivers licence number, Medicare card number and ASIC number," he said.
The company provides ID cards for regional and rural airports.
Former 747 pilot Nevan Pavlinovich, who received the email yesterday, told the ABC the breach was serious.
"They say you've got to go change your passcodes, well that doesn't really affect whether these people can now make IDs and get access onto the airport [and] I've given over a lot of very sensitive information and they could use that information against me," he told the broadcaster.
"The kind of information the hackers may have obtained is far more significant that just names and dates of birth.
"You've got to give enough to get a security clearance because of the seriousness of having access, particularly as a pilot, to the areas of the airport that I can go onto."
An AFP spokeswoman confirmed to the ABC it was investigating a potential breach of the Aviation ID Australia website.
The Civil Aviation Safety Authority, which runs the ID system, has also been informed.
Last year, the company would not have been forced to report the data breach.
But new federal government laws that force companies and organisations to report any suspected data breach that could do "serious harm" came into force in February.
In the first six weeks of the notifiable data breach scheme being implemented there were 63 major data breaches reported - about half the number that were reported last year when notifying victims was voluntary.