If you’re an avid Twitter user, you see the same interaction play out again and again. A disgruntled traveler is fed up with their airline service — maybe there’s a flight delay; maybe there’s an out-of-line employee — and they take their beef public.

“Hey, @SouthwestAir,” the user might write, “Thanks for delaying my flight and keeping me from reaching my son’s graduation.”

(There are hundreds of variations of this every day, spanning dozens of airlines. Here’s an example. Here’s another one. Here’s another one. It’s constant.)

Last week, this time-honored Twitter tradition hit some turbulence when Spyglass Security CEO Jackie Singh tweeted about a flight attendant’s inappropriate behavior. As originally reported by Ars Technica, Singh’s post led to an unfortunate situation when Southwest Airlines’ social-media person included Singh’s flight number in a reply tweet.

At first glance, it didn’t seem like a big deal… unless you understand the potential perils of such personally identifiable information (PII) reaching the public.

What Is PII?

Earlier this year, we produced an informative graphic on personally identifiable information. It’s definitely worth your time to review. Defined as “sensitive data that can be used to identify, contact or locate an individual”, PII comes in hundreds of forms.

One of which is a flight number, which allows another person to know exactly when and where you will be at a given time.

In Singh’s case, she is the CEO at a prominent security company, and has nearly 20,000 Twitter followers. While not a celebrity, per se, it’s conceivable that her notable online audience might harbor some people who would take gross advantage of her public PII. Even if Singh were someone without any sort of social media following, she would be vulnerable to stalking and personal harm.

As it stood, Singh was fearful enough to hide in the airport bathroom for 45 minutes after exiting her gate, per Gizmodo.com.

What Are You Posting Online?

Sometimes, the blame for public flight info lies on the user’s shoulders. For instance, it’s relatively common for Instagram users to post pictures of their boarding passes.

As Vice.com reported a couple years ago, the results can be disastrous. Access to a boarding pass can lead to access to a frequent-flyer account, which leads to access to PII such as passport number, birth date, and payment information.

In that story, cybersecurity expert Michael Spacek outlined a scenario in which a mischievous friend can use a boarding pass photo to log in to your account, change your passport information, and frame you as an internationally wanted criminal.

While that’s a bit of a far fetched consequence, it’s not difficult to execute. And more realistic consequences — stolen funds, altered passwords, etc. — await.

When you book your flight, remember: It’s much safer to simply keep your boarding pass out of the public eye.

The Security Awareness Company

With over 25 years of industry experience, we serve both small & large organizations to create successful security awareness and compliance programs on an international scale. Our team is a strong, creative powerhouse with a passionate vision and we consistently produce on-trend end-user training materials of the highest caliber.