Talk With an Expert

United Airlines May 2015 Data Breach: Suggested Near, Mid and Long-Term Mitigating Actions Using the 20 Critical Security Controls

United Airlines May 2015 Data Breach: Suggested Near, Mid and Long-Term Mitigating Actions Using the 20 Critical Security Controls (PDF, 13.43MB)Published: 23 Nov, 2015
Created by
Philip G. Rynn

In May 2015 it was widely reported that United Airlines detected a systems breach thatcompromised its customers' flight records, in addition to other data. This theft ofpassenger manifests is believed to have been perpetrated by the same attackers that stoleup to 21.5 million social security numbers from the U.S. Office of PersonnelManagement (OPM) and medical records from Anthem Blue Cross in 2014-2015. Usingopen-source internet research methods, this paper examines the nature of the breach, andproposes specific near, mid and long-term actions that should be taken by UnitedAirlines' senior security staff, using the Top 20 Critical Security Controls, to mitigate theimpact of the system breach and to reduce the likelihood of further incidents. This paperis written from the view of an external security consultant addressing United Airlines'senior security staff via a formal, written report.