Report: Security Breach Exposes Travel Plans of Israeli PM

An Amadeus data breach reportedly exposed travel information of high-ranking Israeli government officials, including Prime Minister Benjamin Netanyahu

Prime Minister Benjamin Netanyahu and his wife Sara arrive at Moscow, Russia (Archive photo: AP)

Information about the international travel plans of the Israeli prime minister as well as high-ranking Israeli diplomats and senior agents of the country’s security agencies was leaked following a recent security breach, a hacker who claims to have discovered the breach told Calcalist.

According to the report, the breach compromised the database of Amadeus Leisure Platform (alp.co.il), an online platform used by Israeli travel agents to book flights and hotels and submit visa applications. It is also used by governmental travel agency Inbal, which handles flight bookings and other travel-related services for all government employees, including the prime minister and senior security officials.

The database contained information on 36 million booked flights, 15 million passengers, over one million hotel bookings, and 700,000 visa requests, the report added.

The leaked database also contains the personal details and email addresses of millions of Israelis. Among the compromised email addresses is the one to which the travel booking confirmation of Prime Minister Benjamin Netanyahu and his family is sent, the hacker said. According to him, the Netanyahu family itineraries were sent to the address [email protected]. The Prime Minister’s Office said it was not familiar with the email account.

Calcalist said the hacker warned of the potential for “enormous damage if the breach is not closed.” The financial newspaper later contacted the Israel National Cyber Directorate, which said it had addressed the problem and that the information was no longer accessible.

Amadeus said in a statement: “On May 20, the company learned about a settings failure on its platform, which Israeli travel agencies use to receive benefits and book reservations, thus enabling an illegal and unauthorized access to flight itinerary data. Our cybersecurity team immediately acted and succeeded in fixing the security breach.”

In January, a flaw in Amadeus’ online booking system used by more than 140 airlines could have allowed attackers to access seat assignments and frequent flier information.

The issue, which is now fixed, was first identified by Israeli security researcher Noam Rotem while he was booking a flight with the Israeli national carrier ELAL. Amadeus said it quickly fixed the issue and that no one other than the researcher accessed the data inappropriately.

 

[Sources: CTech, Times of Israel, Skift]