Originally Posted by Kacee

Except it's possible an agent (or agents) who had a reason for accessing the record shared the information internally, either appropriately or as gossp, and that someone else leaked to the press. It could prove very difficult to ID the person who actually leaked it.

Originally Posted by lincolnjkc

{E}ven if someone internal with a NTK accessed it with a legitimate business reason I'm not sure the fact that they "only" gossiped about it internally and someone downstream leaked it to the press I don't think is really mitigating. Airlines have and are trusted with huge amounts of data on passengers much of it we don't really have a choice about disclosing. If I were of any notability I wouldn't be crazy about employees sharing my future travel plans without a valid business reason (past travel plans, perhaps oddly, I have many fewer issues with) --- of course the greatest idiot is the external leak (or the journalist who identified as a UA source...based on APIS it could have just as easily been a leak from the CBP/DHS direction, or passenger's staff among others)...

But this isn't exactly a new issue either -- I have an old NW "Ground Services Format Guide" (revision dated April 1988) that all VIP PNRs will be recorded as being on flight 9989 MSP-QXA presumably to make leak tracking easier and help prevent accidental leaking)