Virgin America praised for cyber breach response

Virgin America’s detection of and response to a data breach have been praised by security commentators

Virgin America has alerted employees and contractors to a potential data breach after its security monitoring systems identified unauthorised access to its corporate network.

The airline said in a letter to staff that a cyber intrusion may have resulted in the exposure of the user credentials of some employees and contractors.

Virgin America said it had detected an intrusion into its IT systems in mid-March 2017 and that an investigation indicated that some usernames and passwords for its corporate network may have been exposed.

Virgin America said it had initiated its incident response plan and taken immediate steps to respond to the intrusion, including taking measures to mitigate the impact to affected individuals.

The company said it had also engaged cyber security experts to investigate, notified law enforcement, and told employees and contractors to reset passwords.

Virgin America said it has changed its password policies in response to the incident, and will now require employees and contractors to change their passwords every 90 days.

According to reports, just over 3,000 user credentials may have been compromised, while 110 employees may have had their addresses, social security numbers and driver’s licence data stolen.

Although financial information is not believed to have been affected, Virgin America has advised staff to check bank and credit card statements and credit reports for unauthorised activity.

Virgin America said the breach affected only employee data on its corporate network and that there had been no effect on Alaska Airlines, which acquired Virgin America in a $2.6bn deal in 2016.

“We did not identify evidence that this affected any Alaska Airlines employees or systems. Customer data for Virgin America and Alaska Airlines was not affected,” the company said in a statement sent to Computer Weekly.

“We take the protection of personal information seriously. We are in the process of notifying potentially impacted employees, contractors, and vendors about this issue and are providing them with guidance and resources to protect themselves,” the statement said.

The company said it has implemented additional security policies, procedures and tools to enhance its cyber security, and will continue to evaluate additional security enhancements.

Javvad Malik, security advocate at AlienVault, said while it is still unclear who breached Virgin America’s systems and how, it is good that the company was able to detect the breach.

“The fact that Virgin was able to detect the breach itself demonstrates the value and requirement in having good security monitoring and threat detection capabilities in place to discover breaches rapidly to minimise impact,” he said.

Andrew Clarke, European director at One Identity, said Virgin America has demonstrated that its best-practice, proactive approach to security monitoring enabled its security team to identify an attempt to access its internal systems where staff and contractor information was stored.

“Often companies are unaware that these incidents have even taken place. Moreover, they clearly had well-practiced plans to mitigate the impact of the risk and ensure the affected individuals were notified,” he said.

Clarke said that these types of incidents are often the result of a hacker getting privileged access, which enables them to navigate the target company’s network with ease.

“To stop such an incident from occurring in the first place, companies are now placing privilege accounts under central control – enabling them to safeguard credentials that in the wrong hands can cause an incident,” he said.

Although it was good that Virgin America was aware of the security breach and notified the affected parties, Mark James, security specialist at Eset, said it was not good that the cyber intruders were able to get away with data that cannot be changed.

“It is a lot easier to cancel or change a credit card than it is to change the info stolen such as social security numbers, which could be used to gain more info, carry out identity theft or be used as a basis of trust to communicate with others,” he said.