Digital aviation company FlightAware is apologizing after recently discovering a “data security incident” related to a “configuration error.” The incident, however, was not recent as it occurred over three years ago.

Thousands of subscription users may have had their personal information shared “inadvertently.” The major flight-tracking platform released a statement notifying its users of the security episode, but appears to have shared two different versions of its remarks.

Accidentally exposing personal data

FlightAware’s President and General Manager, Matt Davis, revealed the data exposure in an email to its users on Sunday.

“On July 25, 2024, we discovered a configuration error that may have inadvertently exposed your personal information in your FlightAware account, including user ID, password, and email address. Depending on the information you provided, the information may also have included your full name, billing address, shipping address, IP address, social media accounts, telephone numbers, year of birth, last four digits of your credit card number, information about aircraft owned, industry, title, pilot status (yes/no), and your account activity (such as flights viewed and comments posted).”