Utair Data Breach

20/03/2019 · 401,400 records · moderate risk

0 /100

Gravity Score

Critical

Calculated based on the types of data exposed (8 categories) and the volume of affected records (401,400).

Airline records often combine contact details with official documents and travel related identifiers, which raises the stakes in a leak. With Utair, reports surfaced about a breach that allegedly dated back to the previous year.

The exposed data could directly identify passengers, and the inclusion of passport numbers alongside birth dates and addresses increases the risk of identity misuse. Loyalty program information can also be attractive to criminals because it may be tied to redeemable value.

Compromised fields included names, email addresses, phone numbers, physical addresses, dates of birth, gender, passport numbers, and loyalty program details. This mix can enable scams impersonating airline support, fraudulent booking changes, or attempts to take over loyalty accounts.

More than 400 thousand unique email addresses were involved. The combination of volume and highly sensitive identifiers makes the potential impact significant, including financial loss and travel disruption.

Exposed data

Dates of birth Email addresses Genders Loyalty program details Names Passport numbers Phone numbers Physical addresses

What to do based on this breach

Access your loyalty program account to review logins, change the password, and set a redemption PIN if the program supports it

Be cautious of emails or calls about flights or points that ask you to confirm passport details or date of birth

Consider credit monitoring or a fraud alert where available because passport numbers and addresses can support identity theft

Review travel accounts linked to the exposed email and keep documentation in case you choose to exercise GDPR rights to access or rectify data

What can we learn from this breach?

This incident underscores that travel data is not just contact info, it can include valuable identifiers like passports and loyalty accounts. Organizations should isolate and strongly protect these fields and reduce exposure through limited retention. Users should treat loyalty accounts like financial accounts, using unique passwords and being wary of requests for personal documents.

Was your data exposed?

Check now if your email appears in this breach. It's free, takes 30 seconds and requires no signup.

Check my email

Related breaches

Odido

11/02/2026 6,077,025 records high risk

7 data types in common

Canadian Tire

01/10/2025 38,306,562 records high risk

6 data types in common

← All breaches