Out of curiosity, as someone who has never used/had access to Amadeus but has an interest in IT and security, can you be more specific here CWS? I assume (and would hope) that Amadeus doesn't let users run any old SQL syntax, and that it effectively uses prepared statements (parameterised queries) for security - and that one of these is effectively "extract me a list of all phone numbers from flights currently delayed". But presumably these kind of uses are logged against a username, so it should be possible for forensics to triangulate which person(s) are running these queries regularly and proceed with a more targeted investigation from there?

Is there any indication that HAL/BA security are looking into this - I guess a lot of people in this thread have reported it to them.