Trans World Airlines is bracing for turbulence after the company inadvertently included subscribers' email addresses in an electronic bulletin--potentially leaking valuable information to marketers and
TWA began sending the weekly "Dot Com Deals" last night when a staff member
noticed each bulletin listed hundreds of customers' individual email
addresses. Typically, subscribers cannot see the addresses of other
By the time TWA programmers could resolve the problem late last night, the
email addresses of 80 percent of TWA's subscribers had been disclosed,
according to the company.
None of the people who received the TWA bulletin received a complete list of
all other subscribers. Instead, most received a chunk of addresses close to
their own in an alphabetical list. For example, a subscriber whose email
address started with "jon" could have received dozens of email addresses
beginning with the letters "jo."
TWA would not disclose the number of subscribers to its bulletin. But
spokesman Mark Abels called the number "significant."
"It was obviously a mistake, and we're correcting it, and it won't happen
again," Abels said from the company's headquarters in St. Louis. "We
apologize. It's not appropriate, and it's not the way we normally do
Customers' credit card information, buying habits and physical addresses
were not disclosed. But the breach could provide savvy marketers with
coveted contact information for a potentially lucrative market: business and
leisure travelers who are interested in last-minute travel deals and who may
have a record of relying on the Net for big-ticket purchases, such as vacations.
Most major airlines rely on similar email bulletins to advertise discounts
on last-minute tickets and travel packages.
TWA's mistake also could expose "Dot Com Deals" subscribers to
spammers--people or organizations that send unsolicited bulk email, or spam.
"Depending on what TWA's policy is with members, this may be a breach of
attorney specializing in the Internet and intellectual property law at
Seyfarth Shaw Fairweather & Geraldson in Chicago.
"This should be a big concern to TWA and the subscribers," he said. "It's
extremely valuable information. That's a very powerful list."
The accident comes at a time when many Net users are becoming increasingly
alarmed at more serious security breaches that have plagued other companies.
RealNames, a company that substitutes complicated Web addresses with simple
keywords, warned its users last month that its customer database had been
hacked, exposing user credit card numbers and passwords.
Also in February, H&R Block's online tax filing service exposed some
customers' sensitive financial records to other customers, prompting the
company to temporarily shut down the system.
Although TWA's error is relatively harmless in comparison, the airline is
taking pains to compensate. The company is emailing apologies to all
subscribers and encouraging those who get bombarded with spam as a result to write to customer relations agents at firstname.lastname@example.org.