JetBlue Airways acknowledged publicly on Friday that it had provided a Pentagon contractor with information on more than 1 million of its own passengers. That data, which was turned over in violation of the airline's own privacy policies, was then used to identify the passengers' Social Security numbers, financial histories and occupations as part of a program to track down terrorists and other "high risk" passengers.
JetBlue, a three-year-old discount airline, sent an e-mail message to passengers this week, conceding that it had made a mistake in providing the records last year to Torch Concepts, an Army contractor in Huntsville, Alabama, for a research project on "airline passenger risk assessment."
"This was a mistake on our part, and I know you and many of our customers feel betrayed by it," said David Neeleman, JetBlue's chief executive, in an e-mail message that the airline, based in New York, said was sent to about 150 passengers who had written in to complain.
Neeleman, the founder of JetBlue, which has been a rare success in the beleaguered airline industry and has prospered because of its reputation for low fares and consumer friendliness, insisted that none of the information had been shared with the government.
"The sole set of data in Torch's possession has been destroyed," he wrote. "No government agency ever had access to it."
Privacy rights groups expressed astonishment that JetBlue had shared so much passenger information with a government contractor, describing the privacy breach as among the most serious reported by any American company in recent years.
JetBlue's announcement comes at a time when many civil liberties groups are warning that privacy rights are becoming victims of the government's struggle against terrorism and the desire of law-enforcement and intelligence agencies for quick access to customer information that has traditionally been closely held by corporations.
The airline said it had provided Torch Concepts with records on about 5 million individual itineraries, reflecting the travels of about 1.1 million passengers in 2001 and last year. The records, it said, would have included the passengers' names, addresses and phone numbers but would not have included their credit-card numbers or government identification numbers commonly collected from travelers like passport numbers.
A lawyer for Torch Concepts, Richard Marsden, said that the passenger records provided by JetBlue were destroyed by the contractor earlier this week after the existence of the project was reported by Wired.com, a technology-news site on the Internet.
"It's all been destroyed in the last twenty-four hours," he said in a telephone interview.
But privacy advocates said further investigation was needed.
"Five million is a big number," said Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington. "JetBlue passengers have reason to be very upset. Will the data be destroyed? Will there be some compensation for the passengers?"
Neeleman said that the passenger information was turned over last year as a result of an "exceptional request from the Department of Defense to assist their contractor, Torch Concepts, with a project regarding military base security."