The Australian Information Commissioner and Privacy Commissioner Angelene Falk has handed down a determination that Flight Centre breached the privacy of 6,918 customers when it held its “design jam” event across the weekend of March 24 to March 26 in 2017.
On the first day of the event, Flight Centre handed a data set containing production data from the 2015 and 2016 calendar years to the 16 teams competing in the event, which consisted of 90 people in total.
The data set had 106 million rows of data, with the company believing it had obfuscated personal information of its customers, leaving only the customer’s year of birth, postcode, gender, and booking information. In the determination made by Falk, Flight Centre had its business intelligence and Australian infosec teams, as well as event coordinators review the first 1,000 rows of data to confirm there was no sensitive information in the file.
However, 36 hours after the event had begun, a free text field under a column called “ProductName” was found by one of the participants to contain credit card information.
Flight Centre then reviewed the file and found it contained 4,011 credit cards and 5,092 passport numbers affecting 6,918 people, as well as 475 usernames and passwords to mostly vendor portals. 757 dates of birth were also identified.
Upon learning of the breach, the company prevented access to the file and truncated the column to 10 characters, received verbal confirmation from participants that they had destroyed all copies of the file, and began a post-incident review. Those who had their payment or passport details breached were notified by the company, offered free identity theft and credit monitoring coverage for a year, and Flight Centre coughed up for the cost of replacing passports when customers opted for it.
Falk said that Flight Centre determined it was a low-risk incident because it involved no intrusion, the incident was not malicious, a known number of third parties had access to data, and there was no evidence of misuse.

The heart of the breach was Flight Centre having no technical controls to prevent travel consultants from entering passport information and credit card details into a free text field other than complying to company policy, Falk wrote.
“The absence of technical controls to prevent or detect such incorrect storage caused an inherent data security risk in terms of how this kind of personal information was protected by the respondent immediately prior to the data breach,” Falk said.
At the time of the incident, Flight Centre had the ability to detect inappropriate storage of credit card information in some of its systems, but not its quoting, invoicing, or receipting systems. The company now scans on a weekly basis for the storage of payment and passport information in free text fields.
Falk also criticised the company for handing over such a large data set in the first event it had run, and not requiring participants to sign an agreement.
“This determination is a strong reminder for organisations to build privacy by design into new projects involving personal information handling, particularly where large datasets will be shared with third-party suppliers for analysis,” Falk said on Monday.
“Organisations should assume that human errors — such as the inadvertent disclosure of personal information to suppliers — could occur and take steps to prevent them.
“They should also carry out privacy impact assessments for data projects to assist in identifying and addressing all relevant privacy impacts.”
Due to the company reacting swiftly, notifying individuals before the Notifiable Data Breaches Scheme came into force, offering those impacts a number of services, paying for monitoring of the dark web to see if the details were misused, and candour when dealing with her office, Falk said it was not appropriate to take further action other than declaring Flight Centre does not repeat its actions.
Related Coverage More

Screenshot by Lance Whitney/ZDNETWant to learn more about a landmark, painting, animal, plant, food, or other object that you’ve snapped with your iPhone’s camera? Now you can, with an iOS 18.1 photo look-up feature called Enhanced Visual Search.By scanning and analyzing photos, this tool can categorize and even identify certain items via a web search. Enhanced Visual Search is also available on an iPad with iPadOS 18.1 and a Mac with MacOS Sequoia 15.1.Also: iOS 18.2 was killing my iPhone’s battery until I turned off this featureSounds great, right? Well, that depends. A similar feature called Visual Look Up first debuted with iOS 16, so this type of capability has been around for a couple of years. But Enhanced Visual Search is more advanced, as it shares your photos with Apple to help dig up the right details on the object. That difference has triggered privacy concerns among many people, especially since the sharing is enabled by default.How Enhanced Visual Search worksOpen a photo on your iPhone (or iPad or Mac) that contains an identifiable object. I chose a photo of the Statue of Liberty.If the item is supported by Enhanced Visual Search, the info icon at the bottom will display a small star in the upper left area. Tap the info icon, and the search will categorize the object as a landmark, artwork, animal, plant, or something else. Tap the Look Up option under the photo, and a web search will name the item and let you select any of the search results to learn more about it.Also: Looking to buy a new Apple device? You might want to hold off. Here’s whyBut here’s the rub. To run that search, Apple needs to analyze the photo. Since there are potentially millions and millions of landmarks, animals, and other common items that could be a match, the analysis can’t be done on your device. That’s why the photos need to be shared with Apple and analyzed on its servers.With privacy in mind, Apple has anticipated concerns over photo sharing. On a web page entitled Photos & Privacy, the company explained how Enhanced Visual Search works: More

One of the new features that Apple has rolled out for its App Store is app privacy. Now, when a developer submits a new app or update, it also has to submit details about its privacy practices and how it handles data.
It basically lets you see what apps learn about you, and how the developer or company behind that app uses that data. 
Must read: Best of the best gadgets of 2020
To see this information, fire up the App Store app, search for your favorite app, and then scroll down to App Privacy and then tap App Privacy.
And depending on the app, get ready for some serious scrolling.
Here’s the information for the Facebook app:
[embedded content]
That’s a long list.

Here’s the information for TikTok:
[embedded content]
Some developers — even big ones — have not yet issued privacy data.

Google has not yet issued privacy information

Amazon has not yet issued privacy information
When developers submit a new app or an update, this information will now need to be supplied.
Does this new feature make you think twice about installing and using some apps? Let me know. More

When is October Prime Day 2025? This year, Amazon’s October Prime Day sale ran from Oct. 7 to Oct. 8. The sales event lasted for two days, where it showed off a wide range of deals on household goods, tech gadgets, and electronics, including laptops, PCs, and headphones.Are products at Best Buy really cheaper on Prime Day? Yes, they often are. As a major US retailer, Best Buy will often launch its own flash deals and sales days to compete with its rivals, and this can mean some worthwhile deals on everything from household items to high-end electronics. How did we choose these October Prime Day deals?ZDNET authors only write about deals that interest us personally and include products that we own or want to buy. Our experts looked for deals that were at least 20% off (or are normally not on sale), using established price comparison tools and trackers to determine whether the deal actually represents value for your money. We also examined customer reviews to find out what matters to those who already own and use the products and deals we’re recommending. Our recommendations may also be based on our own testing and hands-on experience. More

When is Black Friday? Black Friday 2025 falls on Nov. 28, the day after Thanksgiving. But if you’re looking to get a jump on your holiday shopping, retailers like Amazon and Best Buy are already offering markdowns on everything you need to upgrade your PC gaming setup. From monitors and headsets, keyboards and speakers, to desktops and laptops, you’ll be able to build the battle station you’ve always dreamed of without spending a fortune. Are gaming PCs and accessories really cheaper during Black Friday? While you’re more likely to see the steepest discounts on accessories like headsets, keyboards, and mice, as well as sales on digital games, you can still snap up a new desktop or laptop for a decent price if you keep a sharp eye out. You can also find decent discounts on PC building components, like CPUs and SSDs for upgrading your current build or setting up a new DIY PC.How did we choose these early Black Friday deals?The holiday shopping season is prime sale time for all things gaming, and with so much going on sale at once, it can be hard to know where to look to find the best markdowns on things you actually want or need for your setup. I only included computers, peripherals, and accessories from well-known and trusted brands like HP and Lenovo, because taking a gamble on an unknown brand usually ends in disaster on Christmas morning. I also only included the best discounts I could find on the most sought-after components and accessories, as well as pre-built desktops and gaming laptops, and I didn’t include anything that wasn’t at least 15% off to help you get the most out of your holiday shopping budget. More