Lufthansa boss Carsten Spohr has apparently fallen for a security gap in the airline. Unknown obtained data using his boarding pass.
Lufthansa boss Carsten Spohr has apparently fallen victim to an IT security gap in his company. As Der Spiegel reports, strangers accessed sensitive data using the QR code on one of Spohr’s boarding passes. Among them are Spohr’s email address and cell phone number. Carsten Spohr is the airline’s CEO.
Lufthansa is already aware of the security gap. The airline’s boarding passes not only contain information about the respective flight, but also sensitive data, according to Spiegel. In the case of frequent flyers, for example, this includes their service card number. With this number and the customer’s last name, unauthorized persons can read out the respective booking on the Lufthansa website, print boarding passes or change the shipping method for boarding passes. However, a PIN is required to log into the user profile.
“Treat documents like cash”
A Lufthansa spokesman confirmed to Der Spiegel that data can be read out via the boarding pass. He denied that there was a security risk, but explained that Lufthansa was working on new industry standards under the title “Digital Hangar”. For the time being, however, customers would have to take care of their data themselves: “We recommend that our passengers […] [die Flugdokumente] treated like cash,” the spokesman said.
At the beginning of 2021, passenger data was leaked from Lufthansa, among others. At that time, unknown persons had attacked the servers of the service provider Sita. Sita manages data on passengers and luggage, among other things, for the Star Alliance, which also includes Lufthansa. According to a letter from the airline, information about the service card number, status level and, in some cases, the name of Lufthansa customers was affected at the time, but no e-mail addresses, passwords or other personal data.