A mistake with United Airlines On this website, anyone can access ticket information for travelers who have requested a refund.
On the airline’s website, users can check their refund status by entering their ticket number and last name. However, the website did not verify the last name, so changing the ticket number can access other travelers’ refund information.
IT security expert Oliver Linow, who found the bug, told TechCrunch that he could see the travelers’ last names, payment method and currency for the ticket purchase, and the refund amount.
Like most other airlines, United allows passengers to access and change their upcoming flights using just a passenger̵
Linow reported the problem to United on July 6. It took the airline a month to fix it. But Linow never heard from the airline again.
It is not known how long the bug was present. United did not respond to our emails asking whether the airline had notified the data protection authorities of the incident.
Companies that violate European data protection regulations can be fined up to 4% of their annual turnover.
Airlines withheld multi-billion dollar refunds during the pandemic as passenger numbers plummeted. United later received a $ 5 billion stake in a $ 25 billion federal aid package to keep the aviation industry alive.
Earlier this month, United announced it had around 20% of its workforce – around 16,370 people.