To main content

Unwanted access to a Transavia mailbox

We continuously monitor our IT landscape to track deviating activities. We have recently found that there has been a case of unwanted access to a Transavia mailbox. After investigation, it appeared that this mailbox contained a file with personal data of a number of passengers who traveled with us between 21 and 31 January 2015. We have reported this to the Dutch Data Protection Authority. Despite the fact that this concerns data from the beginning of 2015 and that it did not contain sensitive data such as address data, credit card information or passport information, we personally inform the passengers involved about this event.

Frequently asked questions

Below you will find the most frequently asked questions. Is your answer not listed? Then contact our service center. We have a special telephone number +31 (0) 85-0022627, open for questions. We are happy to help you from Monday to Friday between 9:00 AM and 5:00 PM.

What exactly is going on?
Because we constantly monitor our IT environment, we have discovered that there has been unwanted access to a mailbox with a file with personal data.

What information was in the mailbox?
It concerns data from 80,000 passengers who traveled with Transavia in the period from 21 to 31 January 2015. The data that were in the file are: first name, last name, date of birth, flight data, booking number and services that have been credited such as luggage, skis and wheelchairs. This therefore does not concern sensitive data such as payment data, credit card information, passport information or contact details such as address data, e-mail addresses and telephone numbers.
 
How do you inform the passengers involved?
We inform the passengers concerned via the email address of the main booker.

I have not received a message, were my details also in the document?
If you have not traveled in the period from January 21 to January 31, 2015, your details will not be included. If you have traveled to a destination other than Egypt, Lapland or the Canary Islands during this period, then your data will be in the document.

I have traveled between January 21 and January 31, 2015, but I have not received a message from you, how is this possible?
There are two possible reasons:

  • You traveled to Egypt, Lapland or the Canary Islands. The passenger data of the flights to these destinations is not in the file.
  • You were not the main booker. We inform the passengers concerned via the main booker whose e-mail address we have. Note: You may have booked through an intermediary (such as a tour operator or travel agency). In this case they are registered as main bookers and they have been notified by us.

Is there also data from your partners or their customers in the document?
It concerns data of passengers who were on board with us from January 21 to January 31, 2015, with the exception of passengers on flights to Egypt, the Canary Islands and Lapland during that period.

Is there a chance of abuse?
After investigation, we have no reason to believe that the unwanted access to the mailbox was aimed at obtaining this data. In addition, practice shows that with this combination of data (name, date of birth and flight data) the chance of abuse is minimal.

What measures has Transavia taken to prevent recurrence?
We started an investigation and immediately implemented improvements to prevent a future recurrence. In addition, we continuously invest in our information security.