Page 10 - IMDR Journal 2025
P. 10
Research Article
CYBERSECURITY AND DATA PRIVACY IN
THE AVIATION INDUSTRY
1
1
Pushkraj Sonawane , Mohanish Kharkar , Pratik Kakade 1
ABSTRACT
The two significant incidents of cybersecurity in the aviation industry discussed in this paper are the March 2020 hack at San
Francisco International Airport (SFO) and the 2018 hack of British Airways (BA) data. It finds out why they happen, how
extensive they are, and how damaging they are, and it examines them, using known frameworks: the NIST Cybersecurity
Framework, ISO/IEC 27001, and corporate governance principles. We comment on strategic insights and implications of the
case of management in airports and air travel, as well as on investment and policy aspects. The analysis points out the role of
poor practice in the identification of risks, protective measures, as well as governance in the incidents, and the necessity of
taking an offensive stance in cybersecurity approaches. Each discussion question is taken into account, with the help of which
the paper provides some insight into how the risks can be reduced with the help of formal frameworks, the policy of the board
of directors, transparency of breach response, cost/benefits of any investment into security, and reputation. In conclusion, the
idea that cybersecurity should be part of business strategy and corporate culture in order to secure important aviation
infrastructure and customer information is hammered home.
KEYWORDS Cybersecurity, Aviation industry, Data privacy.
INTRODUCTION SFO Cyber Attack (March 2020)
The fast migration of airport and airlines functionalities to Back in March 2020, the San Francisco International Airport
digitalisation has made the processes highly efficient and suffered a cyber attack. Reported that its two subsidiary
customer-friendly; however, it has completely made these websites had been hacked by cybercriminals. The involved
organisations vulnerable to the growing cyberattacks. The websites were the SFOConnectcom (employee news site to
airports and airlines have access airport resources) and SF Construction (information
on airport works).
Sensitive financial and personal records are a sweet piece of
target for any attacker. Two cases of the cyberattack that According to airport authorities, unknown attackers
occurred in San 3 Francisco International Airport can be “inserted malicious computer code” on these websites to
given in March 2020. The (SFO) and the July-September steal login credentials from users. The compromised users
2018 data breach in British Airways (BA). were primarily airport employees and contractors who
accessed the sites from devices outside the airport network.
In the event of the SFO incident, the hackers managed to The stolen credentials (usernames and passwords) were
hack the web portals of the airports, with the malicious code likely intended to facilitate further infiltration of airport
being installed in order to get the employee login details. systems (a form of “Magecart” style attack).
The malicious hacks crept into the BA site and application
and drained the information involving names, addresses and Airport officials discovered the breach after notice from
payment cards. The number of customers amounts to security researchers and took both sites offline. They found
hundreds of thousands. These incidents confirm that that the code had allowed the attackers to capture Windows
cybercrime and the possibility of exploiting loopholes in account credentials. San Francisco Airport (SFO)
cybersecurity measures can lead to mass data theft and announced a data breach. They told users affected by the
reputation loss.Each of the breaches is described as a case in breach to reset their passwords. The airport quickly removed
the paper with the help of an analytical framework (NIST the harmful code, reset many passwords, and improved their
CSF, ISO/IEC. The (27001 and corporate governance to security checks.
study what has caused it to go wrong, and also give strategic At first, it looked like the hackers did not use the stolen
implications on what to do to strengthen the security. passwords to access other parts of the airport’s network. The
Our final question is asked as a list of fix-it discussion breach showed that the airport's web systems had
questions concerning how frameworks might have been weaknesses. There was no tool in place to detect harmful
different to prevent the breaches, how the right board software. Also, websites not used by the public were not well
policies can be implemented after the breaches, and the role protected, which made it easier for hackers to get in.
of faith transparency, investment trade-offs offs and British Airways Data Breach (2018)
reputation clean-up process.
In September 2018, British Airways said its app and website
Case Background were hacked. The breach lasted from August 21 to
Corresponding author: pratikoct2000@gmail.com
1
Institute of Management Development and Research, Pune
Cite this Paper :
Pushkraj, S., Mohanish, K., Pratik, K., (2025)
Cybersecurity and Data Privacy in the Aviation Industry, JMDR
1
