Lufthansa and Swiss airlines have acknowledged that their systems were responsible for the recent breach in privacy and security, where Apple’s AI assistant was able to track down log-in details from flight bookings and automatically added them to complete strangers’ calendars. When passengers purchase a flight ticket, they are given a booking code that should be kept confidential. This code, along with the passenger’s last name, grants access to the booking on the airline’s website or app. However, this information was leaked due to a manual misconfiguration in the Lufthansa app and website, which allowed users to view other passengers’ travel and booking data for a brief period.
While the error was quickly identified and corrected, Siri, Apple’s AI assistant, read flight booking information from the affected airlines’ apps and added it to users’ calendars without their input. This poses a significant privacy and security risk as other travelers’ personal information could be accessed and potentially misused. The incident highlights the ongoing issue of inadequate protection for passengers’ flight bookings in the airline industry. While flying itself is safe, booking processes remain vulnerable to exploitation. Airlines need to prioritize the security of customer data and implement stronger safeguards to prevent such breaches from occurring in the future.
