[BreachExchange] TRANSAVIA DATA LEAK COULD AFFECT 80, 000 PASSENGERS
Destry Winant
destry at riskbasedsecurity.com
Tue Feb 25 10:19:43 EST 2020
https://nltimes.nl/2020/02/24/transavia-data-leak-affect-80000-passengers
The data of 80 thousand Transavia passengers leaked out after an
e-mail inbox containing the data was breached, the Dutch low-cost
flyer said on Monday. The data that was released includes passengers’
full names, date of birth, flight information, booking number, luggage
purchase, and additionally requested services like wheelchair
assistance.
The KLM subsidiary said the data was in a file in the mailbox, but it
did not say why the years-old passenger information was being kept
that way.
Affected passengers include anyone who flew on the airline between
January 21 and January 31, 2015. The only passengers whose data was
not included are those who traveled to the Canary Islands, Egypt, or
the Lapland region of Finland.
“We have recently found that there has been a case of unwanted access
to a Transavia mailbox,” the airline said in a statement to
passengers. “Despite the fact that this concerns data from the
beginning of 2015 and that it did not contain sensitive data such as
address data, credit card information or passport information, we
personally inform the passengers involved about this event.”
The airline stopped short of saying a hacker stole the data, only
stating that it was a form of “unwanted access.”
Transavia said it would individually contact those passengers whose
data was possibly taken through the e-mail address used when booking
the travel five years ago. Tour operators and travel agencies were
already notified.
“After investigation, we have no reason to believe that the unwanted
access to the mailbox was aimed at obtaining this data. In addition,
practice shows that with this combination of data (name, date of birth
and flight data) the chance of abuse is minimal,” Transavia said.
The airline pledged to improve its cybersecurity measures to prevent recurrence.
More information about the BreachExchange
mailing list