All I want for Christmas… is Cyber Hygiene awareness

When a large airline faced major disruption last week due to a “multitude of unforeseen operational challenges” [their words], it understandably left many of those who had expected to fly on one of the +1000 cancelled flights, frustrated. Images of boarding passes and lengthy complaints began appearing on LinkedIn, leading to a warning post from me, because it would seem that not everyone is aware of the potential risks they are exposing themselves to, if they share sensitive data online. And what a boarding pass says about a passenger is similar to what an AWB says about a shipment. Ergo, Cyber Hygiene is a must and, in the face of increasing Cyber Security threats, awareness of what can go wrong is all the more important.

When I worked for a major cargo airline, dabbling in marketing at one point because there was a need for support (and I have always been a Jill of All Trades), I remember being instructed not to show AWB information on any cargo warehouse or apron images being used in company communication. Those were the days prior to most of us having access to high-quality cameras in our pockets, in the shape of smartphones. And even barcode scanners were a relatively new thing. Nevertheless, we were told that competitors should not be able to see who our customers were, nor should criminals gain access to shipment information as this could lead to risk of theft, for example. Granted, in those days, they would have had to work a little more to extract the information they were looking for.

The risk is even bigger these days
These days, however, everyone and anyone working in or walking through a cargo warehouse, owns a smartphone and can upload images online in the blink of an eye. Many of us enjoy sharing what we do, online – and that can include ‘behind the scenes’ videos or images from work. A great way to attract new talent, but also unwanted attention, fraud, and security risks. Phones can also function as scanners. More information is digitally available online. AI potentials are increasing. Drone cameras exist – as do things like Google Glasses which are also capable of barcode scanning.
Vulnerability is on the increase not only because our industry is so fast paced, but also due to plethora of opportunities cybercriminals have at their fingertips. Imagine – many warehouses have video surveillance. What if that system gets hacked, for example?
Am I exaggerating or unnecessarily pessimistic? Perhaps, but there is a point to get across to your colleagues or employees

Treat AWB details like payment/identity data
Cyber hygiene in air cargo increasingly hinges on what staff share online as much as on firewalls and passwords, and images containing Air Waybill (AWB) data are a growing, often overlooked risk. Treating AWB details like payment or identity data is essential cyber hygiene for any airline, GSSA, forwarder, or handler.
Why? Because an AWB is not just a neutral cargo label. In a digitalized air cargo environment, an AWB label is effectively an access key and intelligence source for organized crime. AWBs typically reveal sensitive shipment and customer data such as shipper/consignee names and addresses, descriptions, routing, weight/volume, and unique shipment identifiers. All that information can be exploited for cyber-enabled cargo theft, fraud, or privacy breaches.
Many air cargo systems allow shipment look-up or status changes using just the AWB number along with basic shipment data – very similar to how passenger sites allow access with a booking reference and name. So, when an AWB label or manifest is posted publicly, high-value and sensitive shipments become visible to anyone, increasing targeting risks, including theft, fraud, and extortion.

Parallels with boarding pass oversharing
Passenger cybersecurity incidents show how dangerous ‘just a photo’ can be when it contains codes and identifiers. Boarding passes have enabled attackers to access bookings, change flights, and harvest personal data using visible PNR locators and barcodes; AWB barcodes and numbers can be used in analogous ways on cargo portals. Just as boarding pass barcodes can be decoded from social media photos, AWB barcodes can reveal structured shipment data far beyond what the naked eye sees. In addition, location and timing embedded in photos (in the form of metadata or geotags) can reveal when high-value shipments are in specific facilities, providing intelligence for physical crime as well as cyberattack planning.

Enabling cyber‑enabled cargo theft
Public AWB images make it easier for organized groups to target high‑value and time‑critical loads. Criminals increasingly combine cyber techniques with logistics knowledge to identify profitable shipments and orchestrate strategic thefts, such as impostor pickups and diversions. Knowing the AWB, route, timing, and commodity profile helps attackers plan impersonation, fake collection instructions, or fraudulent delivery changes that reroute cargo.
Attackers could use visible AWB numbers and basic shipment data to attempt access to airline or forwarder tracking portals, change delivery details, or download documents that reveal more sensitive information, for example. They can exploit real shipment references and customer names from AWB labels to craft convincing emails, calls, or platform messages that request account access, payment changes, or document reuploads. Or they can convincingly impersonate shippers, consignees, or ground handlers to request diversions, pickups, or data ‘corrections’.
And then there’s the issue that I was warned of a couple of decades ago: ‘competitive and commercial espionage’. Regular leaks of AWB labels on social media can reveal customer lists, trade lanes, and volumes, and – aside from the obvious data protection breach – this can greatly undermine commercial confidentiality and contract obligations.

Cyber hygiene basics for AWB handling
So, to avoid negative consequences, theft, fraud, and other problems, you should ensure cyber hygiene awareness throughout your company and make sure that everyone is aware of the risks.

• Treat AWB data as sensitive: Classify AWBs and related labels as confidential business information, subject to the same restrictions as financial or HR data.
• Enforce a ‘no uncensored AWBs online’ rule: Corporate social media and personal posts from work should never show readable AWB numbers, barcodes, addresses, or detailed commodity descriptions.
• Mask before you post: If operations or marketing demand photos, insist on full masking or blurring of AWB numbers, barcodes, names, and addresses, and avoid photographing entire pallets of labelled freight.
• Control metadata and geotags: Disable automatic geotagging and strip metadata from images taken in secure areas to reduce location leakage.
• Align with aviation cybersecurity frameworks: Cyber hygiene policies around information sharing should be integrated with broader aviation cybersecurity guidance from ICAO, IATA, and regional regulators.

Build an air cargo security culture
Regularly awareness training showing the negative consequences of social media oversharing should be implemented, along with a clear, simple message: “Treat AWBs like you would your credit card details”. Never photograph them, never post them, and challenge colleagues who do.
The more hyper-connected the air cargo industry becomes, the more crucial it is that everyone understands the danger of oversharing online.
Let’s dedicate 2026 to Cyber Hygiene. What do you think?