A Swedish hacker discovered the Transportation Security Administration's No Fly List and its 1.5 million entries on an unsecured server, The Daily Mail Reports.
The list includes many names of Middle Eastern heritage, prospective IRA members and the recently released Russian weapons dealer Viktor Bout, according to The Daily Dot.
According to the date of birth listed, another person was reported as being 8 years old.
The hacker, who goes by the name "maia arson crimew," wrote on a blog that the server run by airline CommuteAir was viewable by the public over the internet. It showed company data including private information on about 1,000 of the airline's employees.
The list "is indeed a copy of the No Fly List from 2019" which includes airline employee names, addresses, passport numbers and pilots' license numbers," according to the Mail.
“TSA is aware of a potential cybersecurity incident, and we are investigating in coordination with our federal partners,” a spokesperson for the TSA told Vice's Motherboard blog.
CommuteAir spokesperson Erik Kane told the Mail there was a "Misconfiguration, which caused the server to be exposed.
"The researcher accessed files, including an outdated 2019 version of the federal no-fly list that included first and last name and date of birth," Kane added.
"Additionally, through information found on the server, the researcher discovered access to a database containing personal identifiable information of CommuteAir employees."
No customer information appears to have been breached, the airline told Vice.
The hacker admitted stumbling upon the No Fly List through simple boredom.
"Hardcoded credentials there would allow me access to navblue apps for refueling, canceling and updating flights, swapping out crew members and so on," crimew wrote.
On hearing the news, Rep. Dan Bishop, R-N.C., wrote on Twitter: "Besides the fact that the list is a civil liberties nightmare, how was this info so easily accessible? We’ll be coming for answers."
© 2025 Newsmax. All rights reserved.