A data broker owned by some of America’s biggest airlines has been selling access to customer flight data to the US Department of Homeland Security (DHS).
The data, compiled by data broker Airlines Reporting Corporation (ARC), includes names, flight itineraries, and financial details. It also covers flights booked via US travel agencies. ARC makes this data available to Customs and Border Protection (CBP), along with Immigration and Customs Enforcement (ICE), both of which were previously known as the US Customs Service until 2003, and both of which are offices under DHS. ARC is owned and operated by eight major US airlines and is unique in being the only financial intermediary between the airline industry and US travel agencies, according to the data broker’s contract with ICE.
Read more…
Source: Malwarebytes Labz
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- One million customers on alert as extortion group claims massive Brightspeed data haul
January 7, 2026
US fiber broadband company Brightspeed is investigating claims by the Crimson Collective extortion group that it stole sensitive data belonging to more than 1 million residential customers, including extensive personally identifiable information (PII), as well as account and billing details. Brightspeed is one of the largest fiber broadband providers in the US and serves customers across ...
- US cyber attacks plunged Caracas into darkness
January 4, 2026
US cyber attacks cut off power to large areas of Caracas to allow planes and helicopters to strike key military sites and capture Nicolás Maduro. Cyber command, space command and other American agencies layered effects to ensure more than 150 of its planes, drones and helicopters could approach the Venezuelan capital undetected. Cyber operators blacked out ...
- Cybercrook claims to be selling infrastructure info about three major US utilities
January 2, 2026
A cybercrook claims to have breached Pickett and Associates, a Florida-based engineering firm whose clients include major US utilities, and is selling what they claim to be about 139 GB of engineering data about Tampa Electric Company, Duke Energy Florida, and American Electric Power. The price is 6.5 bitcoin, which amounts to about $585,000. Based in ...
- US removes three spyware-linked executives from sanctions list
December 31, 2025
Merom Harpaz, Andrea Nicola Constantino Hermes Gambazzi, and Sara Aleksandra Fayssal Hamou – three individuals who were sanctioned by the US for alleged links to commercial spyware products, have had their bans lifted recently. In a new press release published by the US Office of Foreign Assets Control (OFAC) earlier this week, it was briefly stated ...
- U.S. DOJ: Two Americans Plead Guilty to Targeting Multiple U.S. Victims Using ALPHV BlackCat Ransomware
December 30, 2025
Yesterday, a federal district court in the Southern District of Florida accepted the guilty pleas of two men to conspiring to obstruct, delay or affect commerce through extortion in connection with ransomware attacks occurring in 2023. “These defendants used their sophisticated cybersecurity training and experience to commit ransomware attacks — the very type of crime ...
- U.S. DOJ: Disney Agrees to $10M Civil Penalty and Injunction for Alleged Violations of Children’s Privacy Laws
December 30, 2025
The Justice Department announced today that a federal court has entered a stipulated order resolving a case against Disney Worldwide Services Inc. and Disney Entertainment Operations LLC, (collectively, Disney). The Federal Trade Commission (FTC) investigated this matter, negotiated a resolution with Disney, and referred the case to the Department. Under the order, Disney will pay $10 ...