6th Day of Christmas: Lessons Learned in 2017

Heathrow Airport Data Leak

The Heathrow Airport data leak is definitely different from all of those we have previously spoken about in this series. Rather than a breach from an external source into the digital infrastructure, it looks a completely different type of leak. One that you would never expect to happen! 

In November 2017, a USB stick containing 2.5GB of sensitive data including the Queen’s airport routes, the Queen’s security measures, patrol routes and times, CCTV cameras, escape routes and so much more. Essentially it was a terrorists dream, a Christmas present come early if you will. What is most shocking about all of this, is that it was found lying on the roads of London. The data was unencrypted, not password protected and even labelled confidential (seriously?!).

According to CEO of Heathrow Airport, John Holland-Kaye the USB provided the airport with, “nothing to worry about”. Obviously this could have been avoided!

The information on the drive would have taken sometime to gather. Especially as it is unlikely all of this information was waiting to be copied and pasted in one location. User behaviour analytics could have allowed for this to be detected. Data was moving in a suspicious way to reach that one USB stick so naturally it would have been easy to detect.

Are you using User Behaviour Analytics to ensure your confidential information stays that way- confidential? It is a good job Santa can manage his own flights this Christmas or else his cover may have been blown!

Don’t forget you can follow us on Twitter and LinkedIn to stay up to date with the latest cybersecurity news and biggest breaches.