Airlines Secretly Sold Your Travel And Payment Data To The IRS And FBI - Now They’re Being Sued

Key Points:

• A class action lawsuit has been filed against TD Bank and Airlines Reporting Corporation (ARC) for allegedly exposing travelers' payment details and selling access to a database containing over 1 billion airline ticket purchase records to multiple federal agencies without proper authorization.
• ARC, which processes about $100 billion in travel bookings annually and facilitates transactions between airlines and travel agencies, operated a "Travel Intelligence Program" that allowed government agencies to search passenger names, itineraries, fare details, payment methods, and credit card numbers.
• The lawsuit claims this practice violated the Right to Financial Privacy Act, which restricts government access to financial records without customer consent or legal process, and the Gramm-Leach-Bliley Act, which mandates financial institutions notify customers about sharing nonpublic personal information.
• The legal complexity arises because the government accessed data sold by ARC, not directly from TD Bank, which only processed payments; thus, the case hinges on whether ARC’s database constitutes protected financial records derived from a financial institution.
• Although ARC has ceased selling the data following public backlash, the case highlights concerns over privacy, government overreach, and trust breaches between airlines, travel agencies, and passengers whose data was shared without clear consent.