British Airways Asked To Post Personal Information Publicly

Security researcher Mustafa Al-Bassam discovered that the airline’s social media team demanded customers post a trove of personal information publicly on Twitter. This was supposed to help investigate customer service claims. The information they wanted included passport numbers, full addresses, and other sensitive personal information. The airline kept insisting this was to “comply with GDPR”.

Some users complained about the airline’s bizarrely-worded request. Therefore, British Airways began altering its replies to say that customers should send a direct message to them instead.

LEARNING TIP:  Have proper company guidelines and regular staff trainings on data
protection matters to keep your staff informed and updated.


Full Story


Share on facebook
Share on linkedin
Share on twitter
Share on pinterest
Share on print
Share on email

Latest Blog Posts