Amadeus.com
We’re creating a more connected travel industry, underpinned by sustainability and long-term investor relations.
60px
451px
Amadeus
In January 2019, Amadeus became aware of potential unauthorized and unlawful activity within its independent distributor in India, Resbird Technologies Private Limited (”RTPL”).
A forensic investigation was immediately launched. It determined that there had been no unauthorized access to the system but found that an employee of the distributor, with legitimate access rights to the Amadeus system, had abused her position and illegally extracted certain information from a number of passenger name records.
The employee illegally transferred this information to an unauthorized third party, WorldSIM India, which markets mobile phone sim cards. As a result of this, some travelers may have received calls or e-mails from WorldSIM.
The illegally extracted information was accessed through Travel Agency Sales Reports, generated by the employee, and primarily contained name, contact details and travel itineraries. There is evidence that in a very limited number of cases, passport details were among the data accessed. The employee did not have access rights to credit card details.
The impacted records came from travel agents in India. Only tickets issued in India were involved.
As a result of the investigation and its findings, the following actions were taken:
- The employee’s access rights were immediately blocked and her employment terminated by RTPL.
- RTPL filed a report with the Indian police
- Amadeus filed a report on the incident to the Spanish data protection authority
- Amadeus is conducting a systematic review of the data compromised, which goes back to the end of June 2018.
- A cease and desist letter was sent to WorldSIM in the UK and WorldSIM India, demanding the stolen information be returned or destroyed. WorldSIM is yet to respond. Amadeus is now pursuing further legal action to ensure that all stolen records are returned or destroyed.
- RTPL has further intensified its data security measures and monitoring of the systems. Amadeus has appointed an independent forensic security consultant to assist with this incident and is working with RTPL to take further steps to mitigate against any recurrence of such illegal activity.
RTPL and Amadeus apologize to its subscribers, customers and travelers for any inconvenience caused by this issue.