Cyber Incident Victim: Norwich International Airport

In November 2015, Norwich International Airport's website suffered a security breach perpetrated by an individual using the pseudonym "His Royal Gingerness" (HRG). The hacker infiltrated the website and extracted names and email addresses from a database associated with the site's media center registration system. HRG contacted the BBC to disclose the intrusion, stating his primary motivation was to demonstrate the website's vulnerabilities rather than cause operational harm. He claimed the hack required only two to three minutes to execute and emphasized conducting such activities to test modern system weaknesses. The airport's management, including General Manager Richard Pace, confirmed awareness of the breach approximately one month prior to the BBC report and stated corrective changes were underway at the time of disclosure. Pace clarified that the compromised system was a standalone website with no interconnection to the airport's operational networks or physical security infrastructure, asserting no commercial or sensitive operational data had been accessed.

The airport conducted an internal review concluding the incident did not meet thresholds for mandatory reporting to the UK Information Commissioner's Office (ICO), citing insufficient data volume and sensitivity of the exposed information—limited to media center registrants' contact details. HRG contested the airport's remediation claims, alleging he re-tested the website a month after initial notification and found identical vulnerabilities persisting. The ICO confirmed no breach referral had been received from the airport, noting that while serious breaches were encouraged to be reported under Data Protection Act guidelines, no legal obligation existed for this incident. No evidence emerged of further exploitation of the stolen data, and the airport maintained public assurances regarding the segregation between its informational website and critical aviation systems throughout the disclosure period.