BEARDED BILLIONAIRE FLIGHT BRIGADE Virgin America has confessed to a breach on its systems and written to its employees to tell them that they are impacted in some way.
According to the letter, and Softpedia, the problem was discovered in early March, which means that Virgin sat on its advice sheet for a couple of months. However, the fact that it discovered the issue itself does save it some face.
"On March 13, 2017, during security monitoring activities, our data security team identified potential unauthorized access to certain Virgin America computer systems," it said.
"We immediately took steps to respond to the incident, including initiating our incident response protocol and taking measures to mitigate the impact to affected individuals. We retained cybersecurity forensic experts to investigate the incident and reported the matter to law enforcement. Nevertheless, it appears that a third party may have accessed information about certain Virgin America employees.
Victims will have endured the loss of official work logins, and presumably a lot of them. Virgin said that the access was unauthorised, no way!
"The unauthorized third party gained access to your login information and password that you use to access Virgin America's corporate network," it explained.
"We immediately initiated our incident response plan, engaged cybersecurity experts to investigate, and notified law enforcement. We also began immediately remediating affected Virgin America systems, which included telling all Virgin America employees and contractors to reset their passwords."
Sounds like some changes that should have been made much earlier. If Virgin America is just sending this out then employees would have been leaky buckets for a couple of months now. We've contacted VA, if we don't hear back soonish we might hit the dark web and buy a couple of logins for the company intranet. Except, we definitely will not.
The good news for Virgin America is that not everyone is hating on it over the breach, and at least one security company applauded it for catching the leak before anyone else did.
"While details aren't clear as to who breached Virgin America's systems, or how," said Javvad Malik, security advocate at AlienVault.
"The fact that Virgin was able to detect the breach itself demonstrates the value and requirement in having good security monitoring and threat detection capabilities in place to discover breaches rapidly in order to minimise impact." µ
C3-PO, R2-D2, BB-8 and other Androids
Helpful cyber vigilante gets short changed by customer services
...you know, now it's less confusing...
Firm will no longer provide updates for its first Android mobe