arik air security breach

Arik Air Data Breach, Affecting 600,000 Payment Transactions

From recent events, airlines have been the new target for cybercriminals to compromise sensitive, personal information and payment information.  The new victim of a data breach is Arik Air, compromising a little under 600,000 payment transactions.

Compromised data includes device fingerprints, names, email addresses, the last four digits of credit cards, and IP addresses. The head of Trust and Safety at Cloudfare, Justin Paine, discovered this breached information.

“After concluding the CSV files were very likely owned by Arik Air (or their payment processor) I immediately attempted to make contact with Arik Air to notify them of this data leak,” Paine said. “To say this process was challenging would be an understatement. I can confirm roughly 1 month after notice was provided that action has finally been taken to secure the S3 bucket.”

The leaked data contained 994 CSV files, with files of customers’ information collected between December 31, 2017 to March 16, 2018.  Within these files disclosed about 54,011 unique names, 41,304 unique device fingerprint, 65,412 unique emails, and 570,210 unique card transactions; 437,457 of those were made using Mastercard and 97,713 using Visa.

Most of the affected customers appeared to be Nigerians or based in Nigeria.  According to Paine, the breach was only acknowledged in an email sent to him on September 24, 18 days later after his initial contact with Arik Air.  The breach was fixed soon after the email.

Original Article Found Here.