United Airlines breached by Chinese hackers behind OPM cyber attack - report

Information about passengers using world's second-largest airline now thought to be in the hands of hackers

United Airlines has been hacked by the same Chinese outfit that stole personal data about millions of US citizens from the Office of Personnel Management (OPM), it has been warned.

The cyber attack against OPM resulted in the personal details of over 22 million people being stolen by cyber criminals, but according to a report by Bloomberg, the government department wasn't the only target of the hackers; they breached the networks of United Airlines at around the same time.

United Airlines, the world's second-largest airline group, detected an outside intrusion into its computer systems in May or early June and is now investigating the matter.

According to Bloomberg, "people familiar with the probe" have said the culprits may be the group of Chinese government-backed hackers that previously attacked the OPM and US health insurance provider Anthem.

If the networks of United Airlines have indeed been breached, it raises the possibility of hackers having access to information about the movements of millions passengers, including the origin and destination of their flights.

While that might not sound significant, the hackers could be cross-referencing the information with other data, potentially allowing them to chart the movements of government officials.

"You're suspicious of some guy; you happen to notice that he flew to Papua New Guinea on June 23 and now you can see that the Americans have flown there on June 22 or 23," said James Lewis, a senior fellow in cyber security at the Center for Strategic and International Studies in Washington.

"If you're China, you're looking for those things that will give you a better picture of what the other side is up to."

The breach has led to calls for United Airlines to examine the security of its networks and assess the robustness of the technology and software they use.

"Perhaps United Airlines should reconsider its choice of technologies and vendors that provide controls for privileged access to their systems and databases," said Philip Lieberman, president and CEO of security management firm Lieberman Software, who argued the US government should act to punish those responsible.

"The US government could also serve a useful purpose in providing appropriate consequences to the attackers and their assets. There seems to be little incentive for this attacker to stop these attacks."

Ken Westin, senior security analyst at Tripwire, described the coordinated attacks against United Airlines and other targets as "disturbing".

"Instead of a campaign to breach a single entity, the goal was to compromise multiple disparate sets of data for the purposes of correlation. This correlation would allow the actors to develop targeted profiles of individuals in the United States, particularly those with security clearances, leading to one of the most devastating intelligence compromises we have seen to date," he said.

"Identifying individuals with security clearances and linking that data to travel information is one example of how the combination of this type of data can be exponentially more damaging than the individual data sets alone," Westin added.

Cyber attacks are an increasingly frequent occurrence for governments and businesses. The threat is so significant that Admiral Mike Rogers, director of the National Security Agency and head of United States Cyber Command, recently warned "it is not about if you will be penetrated, but when".