Airline employees likely behind customer information leaks to taxi companies: Vietnam aviation authority

The Civil Aviation Authority of Vietnam (CAAV) has uncovered multiple issues regarding the security of passenger information following an inspection into Vietnam's top three airlines.

The transport ministry ordered the inspection in October following complaints from passengers who said they had been receiving calls and text messages from taxi companies they'd never used before. A separate police investigation into the issue has also been launched following a request by national carrier Vietnam Airlines.

In its report, the CAAV said some of its inspectors also received text messages from taxi companies despite using non-revenue airline employee tickets. Information from these bookings should only be accessible by airline employees, so the CAAV concluded that airline staff were responsible for leaking customer information.

Travel agents were also named as a second potential source of the leaks. Some agents were found to have sold customer information to third-party companies who in turn sold it to taxi drivers. The CAAV has compiled a list of these third-party companies and will be sending it to relevant authorities to deal with.

Inspectors also found that while Vietnam Airlines uses a secure booking system provided by Sabre Airlines Solutions, budget carriers VietJet and Jetstar Pacific are still using an insecure system.

However, Vietnam Airlines is still the main target of the leaks, as its employees often share their Sabre accounts with one another and many accounts belonging to former employees are not deactivated.

Additionally, employees from all three airlines were found to have installed unregulated messaging applications such as Viber, Skype or Zalo on their work computers, allowing them to leak information freely.

According to the CAAV, the leaked information often belonged to customers who purchased more expensive tickets and those traveling far from home.