Amadeus says customer information was stolen from Resbird Technologies, its independent distributor in India, in January 2019. In a statement, the distribution giant says that while there was no “unauthorised access to the system,” a Resbird employee who had rights to access the systems had illegally taken information from a number of passenger name records (PNRs). The employee is then believed to have passed the information to a third party that specializes in SIM cards for mobile phones. According to the Amadeus statement, the PNR information included name, contact details and travel itineraries.
In a small number of cases, it may also have included passport details. The information accessed came from India-based travel agents and involved only tickets issued in India. The statement says a number of actions have been taken, including the employment terminated for the person involved and a report filed with the police in India. It is not known how many records were accessed, but Amadeus felt it was large enough to file a report with the Spanish data protection authority. The company is also conducting a review of the data compromised, which goes back to the end of June 2018. It has also sent a “cease and desist letter” to the SIM card company for the stolen information to be returned or destroyed.