While travel requires us to share personal details such as our names, addresses, and social security numbers, few of us think of it as a risk.
It’s simply basic information that’s been required to book a plane ticket for decades, and most of us input it without much thought about the process.
Don’t miss the move: Subscribe to TheStreet’s free daily newsletter
Concern around private information has surged in recent decades as many large companies have reported major data breaches, making people feel less safe about sharing private information.
In 2024 alone, business giants such as AT&T, Ticketmaster, Change Healthcare, and United Health all announced data breaches.
Related: Health insurance giant confirms largest data breach of 2025
But National Public Data (NPD) was the biggest incident, affecting 2.9 billion records and exposing addresses, social security numbers, and nicknames.
No major airlines have declared security breaches recently, but all the same, your data may now have been shared with U.S. Immigration and Customs Enforcement, better known as ICE.
Concerns around privacy have intensified as corporate data breaches become a regular occurrence.
Image source: Shutterstock
Why our data is quietly being sold
In early June, a data collection agency known as the Airlines Reporting Corporation (ARC) sold access to customers’ data captured for its Travel Intelligence Program (TIP) to Customs and Border protection, a part of the Department of Homeland Security, per documents obtained by 404 Media.
More Airlines:
- How unused United, Southwest, Delta airline miles can change lives
- The head of a low-cost airline drops hints about IPO
- 3 major airlines secretly sold your data to the government
As a part of the contract, CBP agreed not to reveal where it obtained the data, which includes passenger names, flight itineraries, and financial details.
In those documents, ARC asks CBP to “not publicly identify vendor, or its employees, individually or collectively, as the source of the Reports unless the Customer is compelled to do so by a valid court order or subpoena and gives ARC immediate notice of same.”
The reason the data is being sold is outlined in a Statement of Work, also included in the documents obtained by 404 Media, which says CBP needs it “to support federal, state, and local law enforcement agencies to identify persons of interest’s U.S. domestic air travel ticketing information.”
Founded in 1985, the privately-held Airlines Reporting Corporation provides transaction settlement between travel suppliers and resellers.
Related: Canceled flight? Stop contacting bankrupt airlines for refunds
Nine major airlines own ARC, including Air Canada, Air France, Alaska Airlines, American Airlines, Delta Air Lines, JetBlue Airways, Lufthansa, Southwest Airlines, and United Airlines.
Key airline representatives from many of these companies also sit on ARC’s Board of Directors.
Criticism of ARC
One vocal opponent of ARC’s practices is U.S. Sen. Ron Wyden of Oregon, who said in a statement, “The big airlines — through a shady data broker that they own called ARC— are selling the government bulk access to Americans’ sensitive information, revealing where they fly and the credit card they used.”
Wyden also said he was seeking answers.
“ARC has refused to answer oversight questions from Congress, so I have already contacted the major airlines that own ARC — like Delta, American Airlines, and United— to find out why they gave the green light to sell their customers’ data to the government,” the statement also said.