Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label passenger information. Show all posts
USA
Data collection ICE passenger information Privacy USA

U.S. Homeland Security Reportedly Buys Airline Passenger Data from Private Brokers

 



In the digital world where personal privacy is increasingly at risk, it has now come to light that the U.S. government has been quietly purchasing airline passenger information without public knowledge.

A recent report by Wired revealed that the U.S. Customs and Border Protection (CBP), which operates under the Department of Homeland Security (DHS), has been buying large amounts of flight data from the Airlines Reporting Corporation (ARC). This organization, which handles airline ticketing systems and works closely with travel agencies, reportedly provided CBP with sensitive passenger details such as names, full travel routes, and payment information.

ARC plays a critical role in managing airfare transactions worldwide, with about 240 airlines using its services. These include some of the biggest names in air travel, both in the U.S. and internationally.

Documents reviewed by Wired suggest that this agreement between CBP and ARC began in June 2024 and is still active. The data collection reportedly includes more than a billion flight records, covering trips already taken as well as future travel plans. Importantly, this data is not limited to U.S. citizens but includes travelers from around the globe.

What has raised serious concerns is that this information is being shared in bulk with U.S. government agencies, who can then use it to track individuals’ travel patterns and payment methods. According to Wired, the contract even required that the government agencies keep the source of the data hidden.

It’s important to note that the issue of airline passenger data being shared with the government was first highlighted in June 2024 by Frommer's, which referenced a related deal involving Immigration and Customs Enforcement (ICE). This earlier case was investigated by The Lever.

According to the privacy assessment reports reviewed, most of the data being purchased by CBP relates to tickets booked through third-party platforms like Expedia or other travel websites. There is no public confirmation yet on whether tickets bought directly from airline websites are also being shared through other means.

The U.S. government has reportedly justified this data collection as part of efforts to assist law enforcement in identifying individuals of interest based on their domestic air travel records.

When contacted by news organizations, including USA Today, both ARC and CBP did not provide any official responses regarding these reports.

The revelations have sparked public debate around digital privacy and the growing practice of companies selling consumer data to government bodies. The full scale of these practices, and whether more such agreements exist, remains unclear at this time.

Read more »
Travelling Safety
Boarding pass Data Breach passenger information Stolen Data Travel Travelling Safety

Experts Alert Travelers Against Sharing Photos of Boarding Passes Online


After giving hours to work – each day, every week, for months – checking in at the airport possibly represents an exciting time, for travelers who have waited long for the much-needed rest and recreation.

One may also want to capture this moment and share a sneak peek of their journey with their pals, starting with clicking a little picture of their boarding pass to post on social media. However, cyber experts have advised the vacationers against this, since doing so could be a risk to their privacy, or even lead to their information getting into the wrong hands. 

While modern boarding passes do not contain any outright personal details and only contain information like the person’s name, flight number and seat number, certain codes could be used by a hacker to further get hold of a victim’s information.

Josh Amishav, Founder and CEO of data breach monitoring company Breachsense, explained "Your frequent flyer number, name, and passenger name record are valuable for identity theft, enabling fraud like opening credit card accounts or making unauthorised purchases.”

"Hackers can employ social engineering techniques, pretending to be airline representatives to trick you into revealing more personal data. They can also create targeted phishing attempts using your boarding pass info, leading to clicking on malicious links or sharing sensitive data," he says.

The threat does not end here, since this is not the only way a boarding pass can be used by an unauthorized body to access a flyer’s information. Another case that comes to light is the illicit usage of contents of a lost or stolen boarding pass.

Thus, there are several measures and precautions one must keep in mind in order to protect oneself from falling prey to such cyber incidents. Here, we are listing some of those measures: 

  • Always make sure that the boarding pass is safe with you; never put it in the pocket of the airplane seat or toss it in a hotel trash can without first shredding it up. 
  • It is crucial to properly dispose of printed boarding passes when one is done with them and no longer needs them in order to prevent the information contents from falling into the wrong hands.
  • In case one is posting picture of their boarding passes, or any documents from their trip on social media, it is recommended to edit those pictures in a way so it does not display any important detail.  

Read more »
Travelling Safety
Airline Boarding pass passenger information Privacy stolen information Travel Travelling Safety

Travel HACK: Why you Should not Share Photos of Your Boarding Pass Online

You are done packing the bags, you put on your airport look and now you are all set to board the flight to your dream vacation. You might as well want to post a picture of the trip, or share a picture of your boarding pass. But wait, doing this recklessly may cost you your privacy.

While boarding passes do not include some outright personal information like an address or a phone number, they do involve certain codes that would work well for a crime actor to find information about you

The documents may appear to be nothing more than travel keepsakes outside of their primary use at the airport, but they are much more informative than many travellers realise. According to Amir Tarighat, CEO of cybersecurity company Agency, "people often think, like, 'Just this information isn't enough to compromise (me)' but that's not how the attackers view that information." Boarding passes possess information like the flyer’s legal name, your ticket number, and passenger name record (PNR), a six-digit alphanumeric code specific to their reservation.

Meanwhile, Amir Sachs, founder and CEO of cybersecurity and IT company Blue Light IT said, “Using the PNR and your last name, a hacker can have full access to your booking information, which will give them access to your phone number, email address, and emergency contact information.” Getting a hand to an individual’s PNR also lead to a passenger’s frequent flier number, Known Traveller Number (associated with Global Entry and TSA Pre-Check), and redress number (associated with the Department of Homeland Security’s TRIP program).

With all the aforementioned information, one can easily change a passenger’s booking. In fact, all you need to change or cancel flights online is your name and PNR; a password is not required. Additionally, someone may simply steal a hard-earned frequent flier miles if they gain access to their frequent flier account, which does require a password. Moreover, much worse issues await if a hacker gets hold of a victim’s details through their boarding pass.

Josh Amishav, founder and CEO of data breach monitoring company Breachsense explains, “Your frequent flier number, name, and PNR are valuable for identity theft, enabling fraud like opening credit card accounts or making unauthorised purchases[…]Hackers can employ social engineering techniques, pretending to be airline representatives to trick you into revealing more personal data. They can also create targeted phishing attempts using your boarding pass info, leading to clicking on malicious links or sharing sensitive data.”

While these risks do not stop at posting your boarding pass online, you might as well want to skip the entire printed boarding pass to reduce the risk of data being compromised from a discarded or lost slip. Researcher and senior technical director for cyber safety brand Norton explains, “Consider using a mobile boarding pass to ensure no physical copies will be left behind in your plane seat pocket, boarding area, or somewhere else where scammers can easily grab it.” One may consider that travel apps too could be hacked, so compromising digital boarding pass is not something entirely safe either.

Even though one may get quite lucky to avoid any such issue, posting a photo of your boarding pass online is not worth the risk. Thus, being mindful in taking cautionary measure could save you from any trouble. If you are adamant on posting a picture of your boarding pass online, you can use photo-editing software to hide away that information, or you can skillfully stage your photo so that none of the identifying details are visible, which will also include the barcode.

“Hackers can use barcode scanners to steal information from boarding passes shared online or left behind in airplanes and airports[…]Depending on the airline, a barcode scanner can unveil a flier’s airline account number, associated email and phone number, and your flight’s confirmation code — information that could all be used to make a phishing attack look more realistic,” explains Roundy.

It is also advised to post your travel photos on a delay— ones you are back from your travel, as Sachs says, “Keep your info safe and save the travel bragging for when you’re safely back home!”  

Read more »
Subscribe to: Posts (Atom)