Transavia has reported the leak to the Dutch Data Protection Authority. This is mandatory when data is leaked. The affected travelers were also individually informed. This concerns a total of data of 80.000 passengers who traveled with Transavia in the period from 21 to 31 January 2015.
The personal data that were in the file are: first name, last name, date of birth, flight details, booking number and services that have been added such as luggage, skis and wheelchairs. It therefore does not include sensitive data such as payment details, credit card information, passport information and contact details such as address details, e-mail addresses and telephone numbers.
At the end of last year, the budget company Transavia already noticed that an unknown person had access to the mailbox of an employee of the company. It later turned out that this mailbox contained a file with personal data such as the first name, last name, date of birth and flight details of a group of travelers who flew between January 21 and January 31, 2015.
The company continuously monitors the IT landscape to track abnormal activities. Furthermore, Transavia has started an investigation and improvements have been made to prevent recurrence in the future. About the exact measures that were taken, the spokeswoman said nothing.
It is not known whether, on what scale and for what purpose the data were taken and used by the digital burglars. Last year, the Dutch Data Protection Authority almost received 26.956 notifications about data breaches. That is an increase of 29% compared to 2018.
