Infamous hacker IntelBroker has allegedly orchestrated a daring CRM data breach against Los Angeles International Airport (LAX), a highly significant institution in the United States.
With audacity, IntelBroker asserts that they have successfully infiltrated the CRM (customer relationship management) database of Los Angeles International Airport, successfully obtaining a substantial amount of classified user information pertaining to owners of private aircraft. This breach, as claimed by the hacker, occurred in February 2024.
CRM Data Breach Exposed Confidential Details
It is crucial to emphasize that this breach does not compromise any customer or traveler data. According to Security Affairs, the attack seems to have led to the exposure of a substantial 2.5 million data records, encompassing confidential details like:
- Full Names
- CPA numbers
- Email addresses (1.9 million unique emails – a total of 15,8000 emails after eliminating duplicates).
- Company names
- Plane model numbers
- Tail numbers (pertaining to the identification number displayed on an aircraft’s tail)
Security Flaw Led to CRM Data Breach
IntelBroker revealed that they took advantage of a security flaw in the airport’s Customer Relationship Management (CRM) system to obtain unauthorized entry into the database, reports HackRead. This incident underscores the urgent requirement for companies to enhance their cybersecurity protocols in response to the increasing risks posed by proficient hackers such as IntelBroker.
Additional cybersecurity incidents associated with IntelBroker include the security breaches of Hewlett Packard Enterprise (HPE) and the Weee! grocery service, along with an alleged breach of General Electric Aviation. This consistent behavior not only underscores the group’s technical prowess but also signifies a growing threat to industries that rely on digital infrastructure.
LAX CRM Data Breach Is Great Concern
“The privacy and security risks resulting from the CRM data breach at LAX are of great concern for the individuals whose personal information has been exposed,” commented Tim Royston-Webb, CEO, SentryBay. “The disclosure of CPA numbers, aircraft tail numbers, and other sensitive details could potentially be exploited for fraudulent activities or pose a threat to the safety of individuals and their assets. This CRM data breach serves as a clear reminder of the critical need to protect personal and operational data within the aviation industry.”
In today’s digital economy, CRM systems are indispensable tools for managing customer interactions, storing sensitive documents, and securing business data accessible from anywhere. However, the intrinsic value of these data repositories also makes them a prime target for cybercriminals. The most prolific malware possesses capabilities like keylogging and illegal screen capturing, exacerbating the risk landscape for CRM systems. These threats are particularly pernicious because they can capture keystrokes and screen information, allowing hackers to obtain usernames, passwords, and other confidential data as they are entered. Given the richness of data stored in CRM systems, a breach can lead to serious consequences, including financial loss, reputational damage, and regulatory non-compliance.
SentryBay Shields Against CRM Data Breaches
“At SentryBay, we’ve developed cutting-edge solutions tailored to shield software applications from the type of CRM data breach reported at Los Angeles International Airport” said Brent Agar, VP Strategic Partnerships, SentryBay. “Our technology secures data right from the input stage, during login, and even when sensitive corporate information is viewed. This proactive approach not only prevents unauthorized data capture but also ensures that all interactions with the CRM are conducted within a secure environment.”
