Wednesday, 3 May 2006

Identity theft from a discarded boarding pass

This week the Guardian (U.K.) newspaper picked up a story I first reported five years ago, describing how they were able to obtain an unsuspecting traveller's airline profile and personal data, using only the information on a discarded airline boarding pass stub.

Exactly four years ago, I filed my first report from the annual Computers, Freedom, and Privacy conference on the possibility that identity thieves, stalkers, terrorists, or other criminals could access travellers' reservation records -- including, in many cases, personal information, home addresses, passport numbers, etc. -- from information obtained from a discarded or "shoulder surfed" boarding pass or itinerary header. The Guardian used a slightly different methodology than the one I described in my earlier report. But they were successful without the need for any insider or industry-specific knowledge.

Aptly, I read the Guardian report while sitting at this year's CFP conference waiting for the start of the plenary session on the possibility of a Federal data privacy law (which we don't yet have in the USA) for personal information held by private and commercial entities -- including, not least, travel and reservation companies.

Neither the discussion, nor enactment of such a law, can come too soon.

Link | Posted by Edward on Wednesday, 3 May 2006, 06:31 ( 6:31 AM) | TrackBack (0)
Post a comment

Save personal info as cookie?

RSS 2.0 feed of this blog
RSS 2.0 feed of this blog
RSS 1.0 feed of this blog
Powered by
Movable Type Open Source
Movable Type Open Source 5.2.13

Pegasus Mail
Pegasus Mail by David Harris
Disclosures & Disclaimers
All advice and recommendations are the personal opinions of Edward Hasbrouck, and do not necessarily represent the views of my publishers, employers, or clients.