Cybersecurity Agency Issues Warning: 4 Ways to Protect Personal Data on Flight and Event Tickets

The Administration of Cyber Security (ACS) under the Ministry of Digital Affairs issued a warning today regarding the risks of sharing travel and event tickets on social media. Officials noted that barcodes and QR codes on these documents contain sensitive personal information that can be exploited by malicious actors.

ACS Director Tsai Fu-lung explained that barcodes on airline tickets and concert passes are linked to personal identity and rights. Sharing photos of these tickets publicly poses a severe risk of data leakage. ACS section chief Li Tung-yi highlighted that scanning a flight ticket barcode can reveal a passenger's full name, PNR code, travel itinerary, and membership details, allowing unauthorized access to airline systems to alter schedules or meal preferences.

Furthermore, sharing concert tickets can lead to QR code theft, where unauthorized individuals may use them to gain entry, or resell them, potentially implicating the original buyer in illicit scalping activities.

To mitigate these risks, the ACS recommends four protection measures: 1. Do not share ticket posts on social media. 2. Ensure all barcodes are fully covered before uploading. 3. Use physical methods (such as notebooks or manual covering) to obscure codes. 4. Thoroughly shred tickets after use.

Li cautioned that digital redaction can be unreliable if the file is not saved as a non-editable image. If a breach occurs, the public should immediately contact the service provider or relevant authorities. Some platforms, such as the HSR mobile app, have already implemented anti-screenshot mechanisms to enhance security.