This is embarrassing.
A cybersecurity hacktivist appears to have leaked the Transportation Security Administration’s No Fly List, a highly sensitive document, after discovering it on an unsecured server, the Daily Dot reports.
Unsurprisingly, the TSA is now investigating how the data was exposed.
It's an egregious lapse in cybersecurity protocols that has already outraged members of Congress, who "will be coming for answers," as representative Dan Bishop, a Republican congressman who serves on the House Homeland Security Committee, put it.
"The entire US no-fly list — with 1.5 million+ entries — was found on an unsecured server by a Swiss hacker," Bishop tweeted. "Besides the fact that the list is a civil liberties nightmare, how was this info so easily accessible?"
The incident couldn't have come at a worse time. The last couple of months have been chaotic for the TSA. Earlier this month, for instance, a computer issue forced the Federal Aviation Administration (FAA) to ground thousands of flights.
A text file simply named "NoFly.csv" was found on a server run by US airline CommuteAir — for practically anybody to discover and download, the Daily Dot reports.
The document includes the list of names and aliases of anybody barred from boarding an aircraft in the US, a subset of individuals on the Terrorist Screening Database.
Its existence has been challenged by many privacy groups and civil liberties advocates over the years.
The extensive list reportedly included a recently freed Russian arms dealer, suspected members of the Irish paramilitary organization IRA, and an eight-year-old child.
Many of the entries also "appeared to be of Arabic or Middle Eastern descent," according to the report.
"It’s just crazy to me how big that Terrorism Screening Database is and yet there is still very clear trends towards almost exclusively Arabic and Russian sounding names throughout the million entries," the hacker told the Daily Dot.
The document even included sensitive personal data of more than 900 CommuteAir employees, including passport numbers and addresses.
It's an embarrassing incident that goes to show just how vulnerable these databases are to being leaked to the general public.
And that's not to mention the fact that the TSA is a fundamentally broken, unjust, and bloated organization that does little to justify its own existence in the first place.
READ MORE: EXCLUSIVE: U.S. airline accidentally exposes ‘No Fly List’ on unsecured server [Daily Dot]
More on the TSA: The FBI Says Apple’s New Encryption Is “Deeply Concerning”