Up to eight airlines do not encrypt e-ticketing booking systems leaving personal customer data open for the taking. Southwest, Air France, KLM, Vueling, Jetstar, Thomas Cook, Transavia, and Air Europa are at risk. The flaws allow a hacker on the same network as the passenger to easily intercept a check-in link request, use it themselves and then gain access to the passenger s online bookings. The hacker could then view all of the personal data associated with the airline booking including full name, confirmation number, and frequent traveler number.
Source: https://threatpost.com/flaw-in-multiple-airline-systems-exposes-passenger-data/141596/