An El Al booking software vulnerability exposed airline passenger name records. Passenger name records are a bundle of personal and travel data that gets collected whenever someone books a flight. Security researcher Noam Rotem discovered the flaw on Israeli airline El Al’s website. El Al uses a booking system from Amadeus, a Madrid-based company that works with 500 airlines, including United Airlines and Air Canada. An attacker could change meal preferences and seats, fraudulently claim frequent flyer miles, update email addresses and phone numbers and cancel flights.”]
Source: https://www.cuinfosecurity.com/airline-booking-system-exposed-passenger-details-a-11952