http://www.businesstravelnews.com/Worldwide-Travel/Travel-Security-Firm-International-SOS-Victimized-By-Cyber-Attack/
By Amon Cohen
Business Travel News
September 11, 2013
International SOS, which claims to be "the world's largest medical and
security services company," suffered a cyber-attack on its
traveler-tracking system. A source told BTN the incident took place Aug.
28.
"We detected an unauthorized access in the U.S. to one of our systems,
which hosts traveler information related to one of our information
technology products," according to a company statement provided to BTN.
"As soon as we were made aware of the incident, we immediately took steps
to investigate and mitigate against further incidents, as well as notified
the appropriate law enforcement authorities. We have proactively
communicated to a limited group of clients whose travelers' data may have
potentially been accessed. This incident remains under investigation and
we are committed to providing further updates to our clients."
International SOS declined to indicate what data was compromised, how many
clients were affected, whether the compromised data has been used for
malicious purposes, which remedies have been taken and what lessons were
learned.
BTN spoke to representatives of three International SOS clients who
confirmed they had been contacted by the company about the incident.
In its marketing materials, International SOS claims to have "pioneered
travel tracking technology." Generally, a security company like
International SOS works on traveler tracking in cooperation with the
client's travel management company. The TMC usually exports the client's
passenger name records in their entirety to the traveler-tracking company,
although payment information likely is masked. Some companies specify that
only flight information and traveler contact details are transmitted,
although even this information may be valuable to criminals who want to
know when a person will not be at home. It also could be of value for
industrial espionage.
Ironically, International SOS delivers public lectures on cyber-security.
On Aug. 5, the company's general manager for group infrastructure projects
Jonathan Bar presented at the Global Business Travel Association
convention in San Diego. Pre-conference information on the session, titled
"Cyber Security Risk Management: A Front-Line Approach," read in part:
"Corporate information assets, intellectual property and employees'
personal information are at risk every day to malicious attacks and prying
eyes."
[...]
--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/
