This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

Airport Security Identity Cards (ASICs)

Summary

A company that processes Aviation Security Identification Cards (ASICs) suffered a data breach in July 2018, compromising personal information of airport workers with security clearances. ASICs are government-issued identity cards that grant access to secure areas of Australian airports, making this breach a significant national security concern. The Australian Federal Police investigated the incident due to the sensitivity of the compromised credentials.

What Happened

Hackers breached the systems of a company contracted to process ASIC applications, accessing personal information submitted by aviation workers seeking security clearances. The compromised data included sensitive identity documents such as driver's licences and passports, along with contact information and dates of birth. These details are required for background checks and security assessments for ASIC issuance.

The breach was discovered when the company detected unauthorised access to its systems. The exact method of intrusion and duration of access were not publicly disclosed, but the incident prompted immediate notification to the Australian Federal Police and aviation security authorities.

Impact on Individuals

The breach affected aviation industry workers who had applied for or held ASICs, including:

  • Airport staff: Ground crew, baggage handlers, maintenance workers
  • Airline employees: Crew and ground operations staff
  • Security personnel: Aviation security officers
  • Contractors: Various service providers requiring airside access

The compromise created several serious risks:

  • Identity theft: Driver's licences and passport details could be used for fraudulent identity creation
  • Security clearance targeting: Details of individuals with airport security access could be valuable to hostile actors
  • Employment fraud: Information could be used to impersonate aviation workers
  • National security concerns: Knowledge of who has access to secure airport areas poses security risks

Affected individuals were advised to monitor their identity documents for misuse and report any suspicious activity to authorities.

Organisational Response

The company that processed ASIC applications responded by:

  • Immediately notifying the Australian Federal Police
  • Alerting aviation security authorities and airport operators
  • Conducting forensic investigation of compromised systems
  • Implementing enhanced security measures
  • Notifying affected individuals whose data was accessed

The Australian Federal Police launched an investigation into the breach, treating it as a matter of national security given the sensitive nature of aviation security credentials.

National Security Considerations

The breach raised significant concerns about the security of Australia's aviation identity and access control systems:

  • Critical infrastructure protection: Exposed vulnerabilities in systems protecting airport security
  • Background check data: Sensitive information used for security vetting was compromised
  • Access control implications: Details of individuals with airside access could assist hostile actors in planning attacks or breaches
  • Government credential systems: Highlighted risks in third-party processing of government security credentials

The incident prompted reviews of security protocols for companies handling sensitive aviation security data and contributed to broader discussions about protecting critical infrastructure information.

Verification Source: View original statement