The U.S. Transportation Security Administration is investigating how a hacker stole an old version of the agency’s no-fly list, CNN reports. The stolen data was reportedly stored on an unsecured server owned by Ohio-based airline CommuteAir. A 23-year-old cyber security researcher in Switzerland with the username Tillie Kottmann claimed responsibility for the hack and notified the airline, which said the data was outdated. An individual by the same name was indicted by the U.S. government for allegedly hacking government entities and companies in 2021.