A data broker owned by some of America’s biggest airlines has been selling access to customer flight data to the US Department of Homeland Security (DHS).
The data, compiled by data broker Airlines Reporting Corporation (ARC), includes names, flight itineraries, and financial details. It also covers flights booked via US travel agencies. ARC makes this data available to Customs and Border Protection (CBP), along with Immigration and Customs Enforcement (ICE), both of which were previously known as the US Customs Service until 2003, and both of which are offices under DHS. ARC is owned and operated by eight major US airlines and is unique in being the only financial intermediary between the airline industry and US travel agencies, according to the data broker’s contract with ICE.
Read more…
Source: Malwarebytes Labz
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Man to plead guilty to hacking US Supreme Court filing system
January 13, 2026
A resident of Springfield, Tennessee, is expected to plead guilty to hacking the U.S. Supreme Court’s electronic document filing system dozens of times over several months. Prosecutors say between August and October 2023, Nicholas Moore, 24, “intentionally accessed a computer without authorization on 25 different days and thereby obtained information from a protected computer,” according to ...
- Paris releases Russian athlete accused by Washington of hacking attempts
January 10, 2026
Authorities in France have released a Russian national accused by the United States of participating in hacking attacks on companies for ransom in cryptocurrency. The man has been exchanged for a French citizen held in Russian custody, instead of being handed over to the U.S. The swap has been compared to the Griner case. Daniil Kasatkin, a ...
- 10 emergency directives retired as CISA declares them redundant
January 9, 2026
The US Cybersecurity and Infrastructure Security Agency (CISA) retired ten Emergency Directives (ED) it issued between 2019 and 2024, saying they achieved their purpose and are no longer needed. In a short announcement published on its website, CISA said the EDs have either been successfully implemented or are now encompassed through Binding Operational Directive (BOD) 22-01, ...
- North Korean Kimsuky Actors Leverage Malicious QR Codes in Spearphishing Campaigns Targeting U.S. Entities
January 8, 2026
The Federal Bureau of Investigation (FBI) is releasing this FLASH to alert NGOs, think tanks, academia, and other foreign policy experts with a nexus to North Korea of evolving tactics employed by the North Korean state-sponsored cyber threat group Kimsuky and to provide mitigation recommendations. As of 2025, Kimsuky actors have targeted think tanks, academic institutions, ...
- CISA warns of active attacks on HPE OneView and legacy PowerPoint
January 8, 2026
The US Cybersecurity and Infrastructure Security Agency (CISA) added both a newly discovered flaw and a much older one to its catalog of Known Exploited Vulnerabilities (KEV). The KEV catalog gives Federal Civilian Executive Branch (FCEB) agencies a list of vulnerabilities that are known to be exploited in the wild, along with deadlines for when they ...
- Illinois health department exposed over 700,000 residents’ personal data for years
January 8, 2026
The health department for the U.S. state of Illinois has confirmed that a years-long security lapse exposed the personal information of more than 700,000 state residents. The Illinois Department of Human Services (IDHS) said in a statement on January 2 that an internal mapping website containing residents’ personal information, which officials used for assisting with the ...