Transavia data leak could affect 80,000 passengers

Transavia airplanes at Schiphol
Transavia airplanes at Schiphol. April 21, 2007Pieter van MarionFlickrCC-BY-NC

The data of 80 thousand Transavia passengers leaked out after an e-mail inbox containing the data was breached, the Dutch low-cost flyer said on Monday. The data that was released includes passengers’ full names, date of birth, flight information, booking number, luggage purchase, and additionally requested services like wheelchair assistance.

The KLM subsidiary said the data was in a file in the mailbox, but it did not say why the years-old passenger information was being kept that way.

Affected passengers include anyone who flew on the airline between January 21 and January 31, 2015. The only passengers whose data was not included are those who traveled to the Canary Islands, Egypt, or the Lapland region of Finland.

“We have recently found that there has been a case of unwanted access to a Transavia mailbox,” the airline said in a statement to passengers. “Despite the fact that this concerns data from the beginning of 2015 and that it did not contain sensitive data such as address data, credit card information or passport information, we personally inform the passengers involved about this event.”

The airline stopped short of saying a hacker stole the data, only stating that it was a form of “unwanted access.”

Transavia said it would individually contact those passengers whose data was possibly taken through the e-mail address used when booking the travel five years ago. Tour operators and travel agencies were already notified.

“After investigation, we have no reason to believe that the unwanted access to the mailbox was aimed at obtaining this data. In addition, practice shows that with this combination of data (name, date of birth and flight data) the chance of abuse is minimal,” Transavia said.

The airline pledged to improve its cybersecurity measures to prevent recurrence.