ZDNet has found that a security lapse at Stewart International Airport in New York left its server backups and disk images without password protection, exposed on the open internet, for almost a year.
The airport was backing up unprotected copies of its systems accounting for hundreds of gigabytes of files and folders to a drive installed by a contracted third-party IT specialist.
Many were "confidential" internal airport documents, containing schematics and details of core infrastructure, while some belonged to Homeland Security agencies. The breach could allow a hacker to manipulate boarding passes and other passenger information, including bypassing no-fly orders.