Former Flight School Employee Arrested for Allegedly Altering Aircraft Data
A former flight training school employee broke into the school’s systems and modified aircraft data. In some cases, aircraft that had needed maintenance were cleared to fly. Lauren Lide had been Flight Operations Manager at the Melbourne Flight Training school until she resigned from the company in November 2019. The intrusion and data tampering occurred in January 2020. Lide has been arrested and charged with fraudulent use of a computer and unauthorized access to a computer system or network.
Another good example of why privileged accounts should be migrated from reusable passwords to multi-factor authentication. The account of the current Flight Operations Manager was used for the unauthorized access – even just using text messaging as the second factor would have prevented this damage.
This is a case of a (former) disgruntled insider who, despite her credentials being disabled, was able to obtain current credentials with sufficient privileges to retaliate. Use of MFA would have prevented that access. Additionally monitoring for anomalous access patterns could help discover the illicit activity.
From our perspective the issue is not the sensitivity of the data that was altered so much as that a former employee accessed the company’s systems. When granting privilege, be sure that you know how you will withdraw that privilege when the time comes.