Former Airline Employee Sentenced For Hacking PenAir’s Ticketing And Reservations System
Anchorage, Alaska – U.S. Attorney Bryan Schroder announced today that a former airline employee has been sentenced in federal court for hacking PenAir’s ticketing and reservation system between April and May 2017.
Suzette Kugler, 59, of Desert Hot Springs, California, was sentenced today by U.S. District Judge Sharon L. Gleason, to serve five years of probation, and 250 hours of community service. Kugler, who has no prior criminal history, previously pleaded guilty as charged to the felony offense on Jan. 26, 2018, to one count of fraud in connection with computers. As part of the plea agreement, Kugler agreed to pay $5,616 in restitution to PenAir, paid in full by the time of sentencing.
According to court documents, Kugler was a long-time employee of PenAir, who parted ways with the company in February 2017, dissatisfied with the circumstances surrounding her departure. During her employment, Kugler had administered PenAir’s Sabre database system, which the airline depended on for ticketing and reservations. The investigation revealed that, upon retirement, Kugler used her specialized knowledge regarding the Sabre database to create fake employee accounts with high-level privileges, without authorization, and then used those accounts to destroy critical information in a series of network intrusions. It was discovered that the primary fake employee account used in the intrusions was created by Kugler a week before she left the company.
Kugler’s unauthorized network intrusions were intended to prevent employees in any of the eight airports serviced by PenAir from being able to book, ticket, modify, or board any flight until the stations were again added in the system. PenAir personnel worked through the night to bring the stations back online.
The Court at sentencing commended PenAir for remediating the damage caused by Kugler before it resulted in significant disruption for air travelers in Alaska and other states.
Special Agents with the Cyber Unit of the Anchorage Division of the Federal Bureau of Investigation (“FBI”) conducted the investigation leading to the successful prosecution of this case. This case was prosecuted by Assistant U.S. Attorney Adam Alexander.