By now, most Americans understand that companies regularly share or sell personal information. But few would expect their domestic flight records to be part of that exchange. You might assume your travel details stay between you, the airline, and maybe a travel agency. But new documents show that major U.S. airlines are selling passenger data to a little-known broker, which then passes that information directly to the Department of Homeland Security (DHS).
Airlines selling passenger data through ARC
The Airlines Reporting Corporation (ARC) stands at the center of this issue. Several major U.S. airlines, including Delta, United, and American Airlines, own ARC. While ARC’s primary job is to process ticket transactions between travel agencies and airlines, it also runs a lesser-known project: the Travel Intelligence Program (TIP). Under TIP, ARC collects and sells vast amounts of personal travel data, including names, itineraries, and payment methods. Neither ARC nor the airlines inform travelers that they’re sharing this information with the government.
Government agencies are buying your flight data
Since June 2024, U.S. Customs and Border Protection (CBP) has purchased access to ARC’s TIP database. Agents can query it by name, credit card number, or even travel agency. The original contract cost around $11,000, with a recent $6,800 extension. While small in price, it grants CBP the power to track people through private flight records. ARC also asked CBP to keep its name confidential unless legally required to disclose it.
CUSTOM DATA REMOVAL: WHY IT MATTERS FOR PERSONAL INFO ONLINE
What DHS is collecting from your flight bookings and why it’s concerning
ARC’s TIP database includes over a billion travel records. The system updates daily and logs both past and future flights, but only those booked through third-party services like Expedia or Orbitz. Tickets purchased directly on an airline’s website or app remain outside of ARC’s system. DHS claims it uses the data only during active investigations, but critics warn this kind of private-sector surveillance partnership weakens existing privacy protections.
Multiple federal agencies are involved
CBP isn’t the only agency tapping into airline data. Procurement documents show that many others have bought ARC’s information, including:
- Immigration and Customs Enforcement (ICE)
- U.S. Secret Service
- Securities and Exchange Commission (SEC)
- Drug Enforcement Administration (DEA)
- Transportation Security Administration (TSA)
- U.S. Air Force
All of this happens without public knowledge, raising concerns about unchecked surveillance.
MASSIVE DATA BREACH EXPOSES 184 MILLION PASSWORDS AND LOGINS
6 ways you can protect your privacy from data brokers
If you want to take back control of your personal information, here are six smart steps you can take right now to reduce your exposure to data brokers.
1) Book flights directly with the airline
Whenever possible, avoid third-party platforms like Expedia, Orbitz, or travel agencies. These companies are the primary source of ARC’s data. After comparing prices, complete your purchase directly on the airline’s website or app. This keeps your personal details out of ARC’s system and away from government contracts.
2) Use virtual or disposable credit cards
The ARC system allows queries by credit card number, which means your travel activity can be tracked even if your name is not directly searched. To protect yourself, consider using a virtual credit card or a disposable card number for flight bookings. These are often available through banking apps or fintech services like Revolut, Privacy.com, or certain American Express accounts. Virtual cards are tied to your main account but generate a temporary number that can only be used once or at a specific merchant. This makes it much harder for brokers to link future bookings to you.
3) Share the bare minimum when booking
Be cautious about the personal information you enter during the booking process. Unless it is legally required, avoid adding unnecessary details like your frequent flyer number, passport data for domestic flights, or secondary phone numbers. You can also create a separate email address specifically for travel bookings to reduce the risk of cross-linking data with your other online accounts. When it comes to loyalty programs, consider opting out or using a separate identity if you are concerned about data being shared across companies.
4) Remove your data from the internet
The most effective way to take control of your data and avoid data brokers from selling it is to opt for data removal services. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time.
The longer you wait, the more data brokers spread your personal information online. I recommend Incogni to help you remove that data automatically (and they make sure it stays removed) without any effort on your part.
Exclusive Deal for CyberGuy Readers (60% off): Incogni offers a 30-day money-back guarantee and then charges a special CyberGuy discount for all annual plans only through the links in this article for as low as $6.63/month for one person (billed annually) or $13.19/month for your family (up to 5 people) on their annual plan. This fully automated data removal service provides ongoing protection from 250+ data brokers, and if you choose the Unlimited plan, you can also request removals from specific sites where your personal information appears.
I recommend the family plan because it works out to only $2.31 per person per month (or $4.79 per person per month if you get the Unlimited plan) for powerful year-round privacy protection. It’s an excellent service, and well worth trying to see how much of your information is being exposed and how effectively it can be removed.
Get Incogni here
Get Incogni for your family (up to 5 people) here
Is your personal information exposed online?
Run a free scan to see if your personal info is compromised. Results arrive by email in about an hour.
5) Use a privacy-focused browser and email service
Prevent tracking at the source by using privacy-first tools. Switch to browsers like Brave, Firefox, or DuckDuckGo, which block ads and data collectors by default. Set up a separate, secure alias email address for booking travel using services. This limits how easily brokers can link your travel data to your online identity. See my review of best secure and private email services here
6) Use an identity theft protection service
If your travel or payment data is ever leaked or abused, freezing your credit can help prevent identity theft. Identity Theft companies can assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. They can also monitor personal information like your Social Security Number (SSN), phone number, and email address and alert you if it is being sold on the dark web or being used to open an account.
5 GREAT TIPS FOR PLANNING YOUR NEXT TRAVEL GETAWAY
Kurt’s key takeaway
The idea that airlines and their partners are selling passenger data to the government, without consent, raises serious concerns. It highlights how vulnerable travelers are to data collection, tracking, and surveillance. But you can push back. By being selective about how and where you book flights, using secure tools, and limiting the personal information you share, you can reduce your exposure and take control of your privacy.
Would you change how you book flights if it meant protecting your personal data? Let us know in the comments below.
FOR MORE OF MY TECH TIPS & SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Copyright 2025 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.
link