After terrorist attacks against the United States on September 11th, 2001, a screening program involving airlines was created to compare passenger records with federal data to keep dangerous people from flying to and from the country. Over twenty years later, a hacker, who goes by the name Maia Arson Crimew, infiltrated an unsecured computer server hosted by CommuteAir, a regional airline based in Ohio, CNN reported. Along with the No-fly list, the hacker was able to access the names, birthdays and the last four digits of Social Security numbers of current and former CommuteAir employees.

“It should never be this easy to just completely (breach) an entire airline,” the hacker says. According to CNN, Maia Arson Crimew, who was formerly known as Tillie Kottmann, was indicted by a US grand jury in 2021 for being part of a conspiracy that hacked dozens of companies and government organizations and posted the stolen data online. She claims that she wanted to prove the bias and discrimination towards those with Russian and Arabic sounding names. “It’s just crazy to me how big that Terrorism Screening Database is, and yet, there is still very clear trends towards almost exclusively Arabic and Russian sounding names throughout the million entries.”

Since the data breach, The Transportation Security Administration says they continue the investigation of a “potential cybersecurity incident.” CommuteAir had said in a memo that they are working closely with law enforcement, but that the hacker had accessed “an outdated 2019 version of the federal no-fly list.” They have not yet followed up with comments about the private information of their current and former employees being obtained and released publicly.