A former employee of Alaskan regional airline PenAir has pleaded guilty to felony fraud associated with hacking attacks against the company’s ticketing and reservation system in the spring of 2017, announced the US Department of Justice. Suzette Kugler, 59, was sentenced to five years of probation and 250 hours of community service.
After working for PanAir for almost 30 years, Kugler was “dissatisfied with the circumstances surrounding her departure.” As PanAir’s director of system support, she was in charge of administering the Sabre database system which was vital to ticketing and reservations. After she retired, Kugler used her knowledge of the database to create fake employee accounts.
Assigned with high-level privileges, she used the accounts to destroy information and keep legitimate employees at eight airports from making any flight changes, including booking, ticketing or boarding flights. Research revealed Kugler actually started creating fake profiles in her last week of work. This caused a major service interruption across multiple states.
“Kugler used her specialized knowledge regarding the Sabre database to create fake employee accounts with high-level privileges, without authorization, and then used those accounts to destroy critical information in a series of network intrusions,” reads the DOS release. “It was discovered that the primary fake employee account used in the intrusions was created by Kugler a week before she left the company.”
Kugler was caught after tracking her VPN logs.
PenAir officials have made no comment.
In 2017, PanAir filed for bankruptcy, keeping only local operations.