Customer information exposed due to software vulnerability?

December 16, 2017 10:51

The Civil Aviation Authority of Vietnam's inspection into leaks of passenger information at three airlines (Vietnam Airlines, Vietjet Air and Jetstar Pacific) concluded that the leaks came from airline employees and software vulnerabilities, and only partly from airline ticket agents.

A solicitation message arrives just after the passenger gets off the plane.

In fact, this is not new. The leakage of passenger information has been on the rise since 2013. The Civil Aviation Authority of Vietnam has also asked airlines to review and have plans to prevent it, but the leakage of information continues and shows no signs of abating.

Even after the department set up a customer information security inspection team at the airlines in October, those who leaked the information, or let it slip through, were still not deterred, and passengers continued to have their information sold.

Ms. Thanh Huyen (Ba Dinh District, Hanoi) shared that on the afternoon of December 6, more than 5 minutes after her flight from Phu Quoc (Kien Giang) landed at Noi Bai airport, her phone restarted and received a text message from a taxi company operating at Noi Bai airport, offering a ride from Noi Bai to Hanoi for only 260,000 VND.

Notably, her ticket was booked directly on the airline's ticketing system, not through a ticket agent. Not only Ms. Huyen, many other passengers also received text messages inviting them to take a taxi when landing at Noi Bai or Cam Ranh (Khanh Hoa) airports...

Meanwhile, Mr. NVC (Hanoi) shared that he owns an airline ticket office, books tickets for customers using the agent's number, and he himself is also a "victim" when he continuously receives text messages inviting him to use taxi services.

According to him, many ticket offices only provide their phone numbers when booking for customers to avoid being bothered, but as a result, they receive countless messages and calls every day inviting them to take taxis or pick-up cars. The Civil Aviation Authority of Vietnam said that the inspection team itself, traveling with the industry's special free tickets, also received messages from the taxi brokerage center.

Mainly by airline staff

This shows that the information of passengers on flights was leaked mostly from airline staff, airline ticket office staff or ground service staff at the airport.

In addition, according to the Civil Aviation Authority of Vietnam, airline ticket agents can provide information about passengers traveling by plane to outside organizations and individuals, for passengers whose tickets were booked, reserved, and sold by the agent.

Passengers wait to check in at Tan Son Nhat Airport.

The targeting of passengers with taxi service messages is selective, focusing on passengers with tickets booked, reserved, and sold on Vietnam Airlines flights (this group of passengers usually has a higher income than passengers of low-cost airlines, and this airline does not have airport pick-up and drop-off services).

The passengers whose information was sold mainly had routes to Noi Bai, Cam Ranh and Lien Khuong airports (Lam Dong) - all of which are airports far from the city center.

According to the Civil Aviation Authority of Vietnam, the main users of passengers' personal information are online taxi brokerage centers (similar to Uber and Grab) established and operated by Vietnamese enterprises, instead of the taxi transportation companies themselves as before 2015.

Notably, the provision of passenger information to these centers is done smoothly, continuously and systematically through information technology software.

Risk to customers

According to Mr. Vo Do Thang, Director of Athena Cyber Security Center, the frequent and large-scale disclosure of information shows that it mainly comes from internal airline employees. The leaking of air passengers' information seems simple at first glance, but according to Mr. Thang, there are many potential risks when the customer list can be spread to other businesses.

Not only are passengers bothered by text messages and phone calls offering ride services, but a customer list with personal phone numbers or emails is also a lucrative "product" that can be resold to real estate, insurance, and banking businesses...

Not to mention, in the worst case, the disclosure of personal information of those who "book" tickets online and pay with bank accounts via ATM cards, Visa... if exploited by hackers, can also pose a potential risk of account hacking.

Many airline passengers were upset when their information was leaked and they were offered taxis.

According to Mr. Thang, the problem of customer information leakage is mainly due to human factors, which shows that the companies' human resource management processes have problems.

To prevent this, the best way is to monitor employees, for example by not allowing them to bring in personal devices such as USB drives, phones and storage devices, and by requiring them to pass through the monitoring system before and after work. Anyone who violates the rules will be severely punished; doing so will limit many internal problems of employees leaking information.

On the other hand, companies that currently allow employees to use tools such as Viber, Facebook, Zalo... also face a high risk of exposure and leakage when the monitoring system is too weak.

“Information leaks and breaches in other countries are rare, due to strict control by not allowing employees to bring personal devices, only working on company devices and these devices have been equipped with security tools, when something happens, it is very easy to trace who leaked or breached,” Mr. Thang said, adding that not only in the aviation sector but also in other sectors requiring high security, employee supervision is carried out very closely.

This expert also believes that the lack of strong enough sanctions when personal information is leaked also makes it too easy for personal information in Vietnam to be spread. In other countries, when customers have their information leaked, they can gather dozens or hundreds of people whose information has been leaked and hire lawyers to sue the companies; the companies must then investigate and compensate the customers for damages (if any).

To effectively prevent information leakage, the first thing is to plug software vulnerabilities, but more importantly, to build a monitoring mechanism for airline employees, and to take strong administrative and even criminal measures if information selling networks are discovered.

According to Thanh Nien Newspaper
