Security News > 2020 > December > Travel agent leaked customer data by – this is embarrassing – giving it away in a hackathon

Travel agent leaked customer data by – this is embarrassing – giving it away in a hackathon
2020-12-07 07:33

Be careful what you wish for when running a hackathon, because one in Australia turned up a data breach in the trove of sample data offered to hackers.

Flight Centre thought it had cleaned that dataset so that design jammers could see year of birth, postcode, gender and booking information, but no personal information.

To its credit, within 30 minutes of learning about the breach, Flight Centre restricted access to the data to design jam participants.

A ruling regarding the incident by Australian Information Commissioner Angelene Falk found that poor design of, and abuse of, the free text field was the culprit.

Poor design of the field was in evidence because the free text field did not exclude data such as credit card and passport numbers, despite the existence of policies that instructed workers not to use the field for such purposes.


News URL

https://go.theregister.com/feed/www.theregister.com/2020/12/07/data_breach_in_hackathon_data/