Security firm that protects international travelers suffers security breach
Defense Industrial Base // Education // Energy // Financial Services // Global Organizations // Government (U.S.) // Government (Foreign) // Government (International) // Government Contractor // Healthcare and Public Health // Hospitality // Manufacturing // Nonprofit // Transportation // Other Critical Infrastructure // United States
International SOS, which provides health and emergency response services to visitors abroad, disclosed little about the compromise of client data. Its customers include government agencies and major corporations.
The attacker accessed the company’s traveler-tracking system.
"We detected an unauthorized access in the U.S. to one of our systems, which hosts traveler information related to one of our information technology products," according to a company statement. "We have proactively communicated to a limited group of clients whose travelers' data may have potentially been accessed. This incident remains under investigation and we are committed to providing further updates to our clients."
Typically, a firm like International SOS collects clients’ passenger name records in their entirety, although payment information likely is masked. Some clients only supply flight information and traveler contact details, but even that information “may be valuable to criminals who want to know when a person will not be at home,” according to Business Travel News. “It also could be of value for industrial espionage.”
The publication reported that International SOS “declined to indicate what data was compromised, how many clients were affected, whether the compromised data has been used for malicious purposes, which remedies have been taken and what lessons were learned.”
The traveler services firm delivers public lectures on cybersecurity. On Aug. 5, the company's general manager for group infrastructure projects gave a presentation on “Cyber Security Risk Management: A Front-Line Approach," at an industry convention. Promotional materials for the session read in part: "Corporate information assets, intellectual property and employees' personal information are at risk every day to malicious attacks and prying eyes."
ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.