Cybersecurity expert: Stewart Airport documents exposed online

Image 1 of 2

Stewart International Airport in Orange County, New York, is a fairly small airport with a big problem.

Chris Vickery is a data security expert in California. Part of his job is to find private information exposed to the public and then let the companies or agencies know about their security lapse. That is exactly what he did with Stewart International Airport earlier this month. 

"I found that what's known as the remote synchronization service at this IP address was open and exposed to the entire world," Vickery said. "Anybody with an Internet connection could have downloaded from it."

Chris was then shocked to see the documents he easily downloaded from the server: tons of information about Stewart International Airport.

"When I opened it, it contained all sorts of airport data," Vickery said. "It had folders named 'HR,' 'Payroll.' It had employees' Social Security numbers as well as 107 gigabytes of email correspondence."

Chris says he immediately called the airport management company and then the Port Authority, which owns the airport. He let them know about the dangerous security breach. Several hours later, the public server shut down.

In a statement, the Port Authority said: "Based on our investigation, the Port Authority network has not been compromised and remains sound. AVPorts, an independent contractor that handles various airport functions including serving as security manager at Stewart International Airport, maintains a separate system for administering those responsibilities. Our investigation into AVPorts separate system is ongoing."

We also reached out to the TSA, which said it takes these allegations very seriously and is reviewing the incident.