Who sold my data to a flight delay claims handler?
May 3, 2023, 11:39 am
#1
Original Poster
Join Date: May 2014
Programs: BAEC Gold, SAA Voyager
Posts: 214
Who sold my data to a flight delay claims handler?
Following a long flight delay last week, and a flight cancellation on Monday night, I received an unsolicited text message today from FlightClaim.me telling me to start a flight claim as a “recent flight was delayed/cancelled and you may be elegible for compensation.”
What’s bothering me is how they got my data
I booked the flights directly on BA.com using avios
I have a Flighty app subscription where the flights were being tracked (but they don’t have my mobile number)
Am I able to find out how FlightClaim got my data? I know you can request the data a company holds on you, but I don’t know whether you can easily find out how they got it?
It’s the principle which really bothers me more than anything
What’s bothering me is how they got my data
I booked the flights directly on BA.com using avios
I have a Flighty app subscription where the flights were being tracked (but they don’t have my mobile number)
Am I able to find out how FlightClaim got my data? I know you can request the data a company holds on you, but I don’t know whether you can easily find out how they got it?
It’s the principle which really bothers me more than anything
May 3, 2023, 11:45 am
#3
Original Poster
Join Date: May 2014
Programs: BAEC Gold, SAA Voyager
Posts: 214
May 3, 2023, 11:53 am
#5
Moderator, Iberia Airlines, Airport Lounges, and Ambassador, British Airways Executive Club
Join Date: Feb 2010
Programs: BA Lifetime Gold; Flying Blue Life Platinum; LH Sen.; Hilton Diamond; Kemal Kebabs Prized Customer
Posts: 63,769
I think the previous reports were also inbound into London. So my suspicion is that some ground agent somewhere is selling the data to FlightClaim. As I said at the time, this company is based in Singapore but does have a privacy policy so I would suggest you contact them to find out what information they have on you and where it came from. I imagine BA would also like to know the answer to that one.
There is also the possibility that when you sign up to an airport's wifi they may ask - or work out - your flight details.
There is also the possibility that when you sign up to an airport's wifi they may ask - or work out - your flight details.
May 3, 2023, 2:00 pm
#9
FlyerTalk Evangelist
Join Date: Oct 1999
Location: Juneau, Alaska.
Programs: AS 75K;BA Silver;AA G;HH Dia;HY Glob
Posts: 15,811
Here is another thread from a couple of months ago with some links to other reports:
BA Data Leaks
BA Data Leaks
May 3, 2023, 2:07 pm
#10
Join Date: Sep 2008
Location: AUS
Programs: BAEC Gold, AA PPro, Hyatt Globalist, Amex Plat
Posts: 7,039
May 3, 2023, 3:12 pm
#12
Join Date: Dec 2012
Programs: AA Plat Pro
Posts: 909
Following a long flight delay last week, and a flight cancellation on Monday night, I received an unsolicited text message today from FlightClaim.me telling me to start a flight claim as a “recent flight was delayed/cancelled and you may be elegible for compensation.”
What’s bothering me is how they got my data
I booked the flights directly on BA.com using avios
I have a Flighty app subscription where the flights were being tracked (but they don’t have my mobile number)
Am I able to find out how FlightClaim got my data? I know you can request the data a company holds on you, but I don’t know whether you can easily find out how they got it?
It’s the principle which really bothers me more than anything
What’s bothering me is how they got my data
I booked the flights directly on BA.com using avios
I have a Flighty app subscription where the flights were being tracked (but they don’t have my mobile number)
Am I able to find out how FlightClaim got my data? I know you can request the data a company holds on you, but I don’t know whether you can easily find out how they got it?
It’s the principle which really bothers me more than anything
May 3, 2023, 3:16 pm
#13
Join Date: Apr 2015
Location: US/UK - and elsewhere
Programs: BA Gold
Posts: 2,554
Good answer - I'm always (somewhat) surprised when paying for a taxi (cab) in the US by CC that they know my email address. They 'claim' it's done through the CC company, but can't be since the last time it ended up coming to my work email - so my phone must somehow be involved - and Tx information.
May 3, 2023, 3:40 pm
#14
Join Date: Nov 2010
Location: SFO
Posts: 273
Do you own a smart phone? Have you spoken about your flight delay with your phone nearby? Phones/apps do listen to you and make what they think are helpful (and you think, rightly so, are creepy) suggestions. Any number of apps, the carrier, or the manufacturer themselves, all may have a hand in targeted advertising.
Good answer - I'm always (somewhat) surprised when paying for a taxi (cab) in the US by CC that they know my email address. They 'claim' it's done through the CC company, but can't be since the last time it ended up coming to my work email - so my phone must somehow be involved - and Tx information.
I think the previous reports were also inbound into London. So my suspicion is that some ground agent somewhere is selling the data to FlightClaim. As I said at the time, this company is based in Singapore but does have a privacy policy so I would suggest you contact them to find out what information they have on you and where it came from. I imagine BA would also like to know the answer to that one.
There is also the possibility that when you sign up to an airport's wifi they may ask - or work out - your flight details.
There is also the possibility that when you sign up to an airport's wifi they may ask - or work out - your flight details.
GDPR breach: assuming you're a UK citizen, the UK-GDPR (not the European regulation) is what would grant you rights in this case. The rights of data subjects here are substantially similar to the EU version though, but your regulator is the Information Commissioner's Office (ICO). I believe it would be a relatively easy argument to make to the company that finding out how they obtained your data is aligned with the key right to be informed. If you want to follow up this process, you may want to talk to staff at the ICO. There are also many handy form letters out there on the internet that you could send to the legal contact address for the firm you're receiving solicitations from. You may also want to request that the firm delete your information; if they refuse, that's another piece of evidence you could take to the ICO.
Phones listening to you: this isn't the case, at least in the passive "I talked about flight delays therefore I'm being advertised to" sense. Ad targeting and predictive analytics are simply good enough that the digital trail you leave gives the impression that "they could only figure that out if they were listening to me" - but it's just your data trail. Whether this is a good state of affairs is a debate that I'll leave for another time and forum.
Credit cards and taxis: oftentimes this happens through a payment processor, not a CC company. For example, the Square credit card reader and point-of-sale solution will link your CC # to your email or phone number (if you request a digital receipt on the tablet) unless you opt out at the time of linking. So, if you pay for a coffee at a cafe using Square, request an email receipt, then later use the same card in a taxi that uses Square, you'll likely receive an email.
May 3, 2023, 4:03 pm
#15
Join Date: Apr 2015
Location: US/UK - and elsewhere
Programs: BA Gold
Posts: 2,554
Just got a text to my phone re. late flight from flightclaim.
In terms of phone#s - by CC (used for the booking) and the AA booking has the US# that the text came to - the BA side of things only has my UK# - which seems to imply it was a breach from the US side.
Oddly though, the taxi email receipt did not come to the email associated with my CC, but another one... .
In terms of phone#s - by CC (used for the booking) and the AA booking has the US# that the text came to - the BA side of things only has my UK# - which seems to imply it was a breach from the US side.
....
Credit cards and taxis: oftentimes this happens through a payment processor, not a CC company. For example, the Square credit card reader and point-of-sale solution will link your CC # to your email or phone number (if you request a digital receipt on the tablet) unless you opt out at the time of linking. So, if you pay for a coffee at a cafe using Square, request an email receipt, then later use the same card in a taxi that uses Square, you'll likely receive an email.
Credit cards and taxis: oftentimes this happens through a payment processor, not a CC company. For example, the Square credit card reader and point-of-sale solution will link your CC # to your email or phone number (if you request a digital receipt on the tablet) unless you opt out at the time of linking. So, if you pay for a coffee at a cafe using Square, request an email receipt, then later use the same card in a taxi that uses Square, you'll likely receive an email.