Researcher accesses customer PNR details
Amadeus confirms no personal data lost after hacker exposes tech flaw
Amadeus has confirmed it suffered no data breach after a technical flaw was discovered in its flights booking technology.
The vulnerability was found by Israeli security researcher Noam Rotem while he was booking a flight, according to reports.
He claims to have discovered a way to access customer PNR (Passenger Name Record) details by using a six-figure code printed on boarding passes.
In a statement Amadeus said the problem had now been fixed and that it was not aware that any travellers’ data was compromised.
The company said: “At Amadeus, we give security the highest priority and are constantly monitoring and updating all of our products and systems.
“We became alerted to an issue in one of our products and our technical teams took immediate action and as of January 16 the issue was fixed.
“We can confirm that Amadeus has not detected any data breach and that no data from travellers was disclosed. We regret any disruption this situation may have caused.”
Amadeus added: “We work together with our customers and partners in the industry to address PNR security overall.
“The airline industry relies on Iata standards that were introduced to improve efficiency and customer service on a global scale.
“Because the industry works on common industry standards, including the PNR, further improvements should include reviewing and changing some of the industry standards themselves, which will require industry collaboration.
“We are conducting a thorough internal review and detailed investigation into the root cause and impact of this issue and will be working hand in hand with those customers affected.”