Recent research by Wandera found that the check-in system of British Airlines is leaking the personal data of customers due to a major security gap. This news comes just one month after British Airways became the first company to receive a major fine under the European Union’s General Data Protection Regulation (GDPR). The airline was fined over $200 million over the data breach the company experienced in the summer of 2018.
The information leak results from the fact that British Airways sends customers unencrypted check-in links that contain customer names and booking reference numbers in the URL. According to the researchers, these two pieces of data represent “the keys to the kingdom” for threat actors, who could Intercept the links sent to users on a public Wi-Fi network and use the information to login to their account, where they would have access to even more personal data. However, passport and payment information cannot be exposed in this way.
Read more: British Airways Has Yet Another Security Problem, New Report Says