Breach, Threat Intelligence, Data Security

United reportedly hacked by same group that breached Anthem, OPM

A previously unannounced breach at United Airlines could be the work of Chinese hackers who allegedly pilfered information from insurance company Anthem and the Office of Personnel Management (OPM), and are aiming at amassing data on millions of American government officials and private citizens.

The United breach occurred around the same time as the other two high-profile compromises, according to a Bloomberg report. Citing three people close to the United investigation, the report said investigators believe the attack to be the work of hackers backed by China who previously stole security background check data from OPM and medical records from Anthem.

“If investigators are accurate in attributing these attacks to the same group, they have amassed a vast database of information that could be used for multiple purposes, from economic espionage to political gain,” Tim Erlin, director of IT security and risk strategy for Tripwire, said in comments emailed to “How they connect these data points together will determine the outcome, but it's clearly not good for the United States.”

Stewart Draper, director of insider threat at Securonix, said, in comments emailed to, that the “constant onslaught of attacks on airlines should drive home to the airline industry and it makes up a critical part of infrastructure that appeals to nation states and hacktivist groups” and must “do a better job harden their systems.”  Draper called for the Federal Aviation Administration (FAA) “to prioritize industry level discussions around cyber security.” 

Indeed Kevin Foisy, chief software architect and co-founder of STEALTHbits, contended in comments emailed to that when “major infrastructure” is attacked, “ it's hard not to imagine a state-sponsored connection.”

Harkening to the “Art of War,” Foisy explained that “on the surface, there's sensitive data loss, but the bigger picture is the know-how being gained in ongoing successful penetration of infrastructure.”

Calling these incursions “undoubtedly training grounds for the real attacks that could come in the event of war,” Foisy said “recent breaches in the area of finance and transportation should serve as a warning for the crippling effects of an e-attack to a technology dependent nation in a time of conflict.”

But a United spokesperson told that “reports are based on pure speculation.” The airline said the personal information of customers is secure and noted it remains “vigilant in protecting against unauthorized access and [uses] top advisors and best practices on cyber-security to maintain our effectiveness.”

Monzy Merza, chief security evangelist of Splunk, said the United hack highlights an inability to adequately detect cyber attacks. In comments emailed to, he explained that “IT infrastructures are very complex” and there isn't “enough visibility or understanding.”

Merza explained that “it's incredibly difficult to determine what is an attack and what is an unintended consequence of a system malfunction or even human error.”

Because the investigation of United's breach is in its early days, details are scarce as to “how the attackers succeeded in penetrating United Airlines systems,” Erlin noted. It will likely take months to reveal more, he said, adding that “it's imperative that details are shared with other organizations so that we can collectively improve defenses.”

Paul Kurtz, former cybersecurity advisor to the White House and current CEO of TruSTAR Technology, concurred. “This hack on United Airlines drives home the imperative that we must share actionable incident reporting more systematically and collaborate to defend against hackers,” Kurtz said in comments emailed to  “If security teams work together the way scientists come together to collectively find cures and manage health risks, we would have a better chance of stopping cascading attacks across multiple sectors.”

Kurtz noted that “the bad guys have perfected the art of sharing exploits and vulnerabilities immediately for nefarious purposes” and called for “a new paradigm of enabling the good guys to share and collaborate in addition to continuing to improve enterprise security.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.