The World's Largest Airline Ticket Database Was Sold To Homeland Security (Here's Why It Matters For Travelers)

Between flight delays, baggage fees, and the hassle of going through security, today's airport experience keeps getting worse. It doesn't help that, according to a reveal by Wired and 404 Media, another major blow has come to light. The Airlines Reporting Corporation (ARC) has reportedly started selling passenger data it collects to the Customs and Border Protection (CBP) division of the U.S. Department of Homeland Security (DHS). If you've flown since June 2024, you're already in the system. And you'd have had no way of knowing your personal information wasn't secure since there's been no mention of the data's changing hands by any airline's privacy policy or fine print. In fact, one of ARC's condition of sale was preventing passengers from knowing who'd sold them out.

ARC, owned by major airlines — Delta, Southwest, United, American Airlines, Alaska Airlines, JetBlue, and European airlines Lufthansa and Air France, and Canada's Air Canada — collects data on behalf of practically every airline in the world. It gathers passenger information like names, ID numbers, flight itineraries, and financial details and stores it all, creating historical snapshots of individuals based on their travel history. And per reports, it has failed to register as a sanctioned data broker.

Even if it's just a myth that Transportation Security Administration (TSA)'s biometric ID technology is used to surveil or profile people, with access to ARC's database, the DHS now has near real-time flight reservation details for the majority of American and international air traffic. It's a major expansion of government surveillance, using tax dollars to reportedly evade legal processes for obtaining data through subpoenas and warrants. What's more, travelers had no idea their personal information was being collected, let alone handed over to the CBP. And it's too late to even do anything about it.

CBP has assured Wired that its goal is to act in public interest and it does not use ARC's data to surveil travelers, but rather accesses the database only once an investigation into a person of interest is already open. But the CBP isn't even the only U.S. agency to have purchased airlines' data services. A Freedom of Information Act request filed by 404 Media in May 2025 confirmed that eight other government organizations — including Immigration and Customs Enforcement (ICE) — had all signed contracts with ARC.

This lack of transparency from airlines breaches trust with passengers, particularly since their public-facing privacy policies fail to inform customers their data has been bought. Despite the government's claims to the contrary, civil liberties advocates fear the data could be accessed at any point for predictive profiling, even of travelers who've yet to give reason for criminal suspicion. As of this writing, there are no clear legal or regulatory protections governing how the data can be used once in DHS hands. And it's not just Americans this affects, since the records include international flight bookings.

Countries like the U.K. are already warning their citizens off of traveling to the U.S. in response to the CBP's seemingly erratic new security policies. And it's unclear whether the ARC sale breaches international data-sharing agreements or whether other countries will be able to, or already have begun to, follow suit. What is clear is that passengers on commercial airlines have no way to opt out of data collection. The best they can do is limit what personal info they do share when making a booking, and become vigilant in understanding how their personal data is shared — even for something mundane as airline travel.