Have you thought about what your boarding pass might say about you and what data might be leaking publicly on that piece of paper that you most likely discard in the seat pocket in front of you? Turns out it is most risky than you think.
What is PNR?
PNR stands for “passenger name record”, which is a data rich record that’s generated every time you book a flight. This record is a 6 character alpha numeric code that aids in managing your booking through the airline’s website. It contains confidential information such as name, date of birth, passport details, car or hotel bookings, last 4 digits of the payment credit card, etc. So you may ask, how does this affect me and my security? Example below:
Imagine you are a hacker. You may know that I have just flown from London to Bangkok with British Airways, for example. You also know that my return flight is in two weeks, I flew economy and on the outbound a vegetarian meal was requested. You put the pieces together based on your travel history and craft the following email, acting as British Airways: “If you require a vegetarian meal for your return flight, please click the link below to “order it now”. As an important customer of ours, we would like to upgrade you to “business class” as well and to do so, please click the below link to accept the offer”.
With all of the accurate information mentioned, who wouldn’t click that link?
Unfortunately, the aviation sector, like many industries, has a lot of work of work to do when it comes to cybersecurity, but we as passengers also have a responsibility for our data, too. Let’s not make it easy for the bad guys.
What can we do to reduce this risk?
- Don’t post pictures of your boarding pass or luggage tags online.
- Try to avoid identifying which airline you are flying with in any social media posts. If I didn’t know which airline you were using it would take a lot longer and a lot more effort to go through trying each airline’s website flying that route to find the one you were using.
- Destroy your boarding pass and luggage tags securely. Use a cross cut shredder ideally. Keep them in your possession until you return home and you can dispose of them securely and certainly don’t leave them in the seat back in front of you on the plane!
- Only give the airline the information it marks as essential when booking your flight. If it is not marked as a compulsory field then leave it blank. Reduce the amount of personal information they hold on you in the first place.
Information taken from: https://red-goat.com/uncategorized/boarding_passes/