back to article Flight Centre leaks fliers' passport details to 'potential suppliers'

Human error at travel company Flight Centre has resulted in a leak of personal information, including data of customers' passports. “Personal information relating to some leisure customers in Australia was accidentally made available to a small number of potential third party suppliers for a short period of time,” a …

  1. Richocet

    My interest in the legal harvesting and wholesale market in personal information recently went from "keeping a concerned eye on" to "this is getting out of control".

    One of my hypotheses is whether information about a person travelling away from home by booking flights could be purchased by organised criminals via a front company. They require both travel dates and a home address.

    My guess is that yes, the ecosystem lacks strong checks on who is buying the information and there are plenty of intermediaries which makes it easy for a front company to participate.

    This article leads me to think that detailed enough personal data is being exchanged between companies that completes this risk puzzle.

    Am I paranoid?

    1. Mark 85

      I don't think so. How many times have heard about someone's house being cleaned out while they're off on a trip? There's even been reports of miscreants trying to sell the house or move in and claim "squatter's rights". I think some paranoia is healthy.

  2. Scoular

    It is a fair bet that many companies and government bodies are only too willing to 'share' data with others and not ask too many questions about the potential uses of the data.

  3. Neoc

    I, too, smell Human Error

    I bet the "third-party provider" who was "developing products" asked for sample data and some nitwit pulled a set from the production database and did not anonymise it before handing it over.

    1. Anonymous Coward
      Anonymous Coward

      Re: I, too, smell Human Error

      Having had to spend 3 months in a previous role explaining repeatedly to a Marketing team why they couldn't use a customer's live patient database for a public trade show stand demonstration system I have no problem believing you are right...

      1. Alistair
        Windows

        Re: I, too, smell Human Error

        "Having had to spend 3 months in a previous role explaining repeatedly to a Marketing team why they couldn't use a customer's live"

        Months?

        You lucky bastard, I've been doing this for years.

        1. Cpt Blue Bear

          Re: I, too, smell Human Error

          I find the best card to play is to refer then to legal for a short sharp dressing down.

  4. MrDamage Silver badge

    “human error, not by a system or security failure”.

    If their system allow such quantities of sensitive information to be shared in such a manner, it is both a system AND security failure.

    Furthermore, they are irresponsible to claim the risk of it being misused is "low", as they have no control over it once it left their systems. A fully independent and detailed audit should now take place, at Flight Centres expense, with the ultimate costs (replacement passport and C/Card costs, as well as financial compensationfor those affected) coming from the collective pockets of the Board.

    Until the costs of fuckups like this start hitting the C*O's, none of them will take security seriously.

  5. John Smith 19 Gold badge
    Coat

    The "supplier" might want a relationship with them.

    Not so sure about the disgruntled contractor they let go yesterday.

    Is there such a person? Who knows.

    Have they taken any information with them? See above.

  6. Anonymous Coward
    Anonymous Coward

    we noticed our error fairly quickly

    = we noticed, FINALLY

  7. Doctor Syntax Silver badge

    “I don't really want to get into ongoing Q&A.”

    Translation: We really don't want to tell you how bad it is. or No, I don't know any more 'cause nobody tells me any more either.

  8. Halfmad

    Don't forget it's not just about the potential to leak that data

    There's a debate over whether people testing system readiness should have access to person identifiable information. They have no need to access that particular data, so they should really be using randomly generated data.

  9. BasicChimpTheory

    Nice article.

    Perhaps it could be further improved with some tweets to obscure the fact that it is light-on for facts?

    (Yes, I understand that the vacay-vendor's lack of opacity is the point but, jeeze, actual information ends with the headline. Shabby stuff.)

  10. Mark Simon

    re “I don't really want to get into ongoing Q&A.”

    Nice one, Flight Centre.

    I have tried Flight Center a few times, and they never got it right. Now they can’t be bothered answering what I consider to be a critical question.

    Happy to have dumped them long ago.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like