After more than two years of hearings and appeals, an intermediate court in Beijing ruled on Monday that it is “highly likely” customer information from China Eastern and Qunar.com was leaked to phone scammers, according to a report in Sixth Tone’s sister publication, The Paper.

The case dates back to October 2014, when a man surnamed Pang booked a flight with China Eastern through Qunar, a popular online travel service controlled by internet giant Baidu. Pang entrusted a third party, surnamed Lu, to make the booking on his behalf, which Lu did using a personal phone number.

Pang was surprised, then, when two days later he received a text message to his own phone number — which he had only used for previous bookings — informing him that his reservation had been canceled due to a machine error and that he would need to reschedule his flight. (Charging a “rebooking fee” is a common tactic used by phone scammers.)

Smelling a rat, Pang instructed Lu to call China Eastern’s customer service hotline. When Lu did so, a representative said that the flight had not been canceled and that all of Pang’s travel plans seemed to be in order.

Pang sued the airline for 1,000 yuan ($145) to compensate for the “emotional distress” he suffered in having his work and travel plans disrupted. He lost the case, however, because the court was unable to determine where the leak had occurred, and as such could not assign blame to either the airline or the travel-booking service.

On March 27, nearly two and a half years after the initial incident, the First Intermediate People’s Court of Beijing ruled on appeal that a leak had probably occurred, and that both Qunar and China Eastern should bear responsibility for infringing on customer privacy. The verdict required both companies to issue formal apologies to Pang within 10 days but denied Pang’s claim for monetary compensation.

China Eastern is the world’s seventh-largest airline in terms of passenger traffic, according to 2014 data from the International Air Transport Association, an industry trade group. Qunar and one-time rival Ctrip dominate the Chinese travel industry. In October 2015, Ctrip announced a share exchange with Baidu, giving the former a 45-percent stake in Qunar and the latter a 25-percent stake in Ctrip.

This is not the first time air travelers in China have complained of being contacted by phone scammers. In January 2014, China Eastern, along with budget competitor Spring Airlines, was accused of leaking customer information, including names and flight numbers, to fraudsters. Those affected reported similar experiences to Pang’s: text messages from unidentified senders trying to swindle them out of money. After an internal investigation, however, the airline announced on its Weibo microblog that it “found no evidence that any customer information was leaked.”

Eleven months later, in December, a so-called white hat hacker revealed that a “significant amount” of China Eastern customers’ personal information — including names, dates of birth, passport and ID numbers, and private addresses — had been leaked after an attack on a computer system used by one of its ticketing agents. Clients targeted were those who had received refunds from the agent, and the attack occurred after the airline claimed to have upgraded its computer systems amid ongoing security concerns.

According to the Beijing court that ruled on the appeal, the fact that there had been previous complaints of leaked information bolstered the plaintiff’s claims. “This special background heightens the possibility that the two companies did in fact leak Pang’s personal information,” the court said.

Editor: Kevin Schoenmakers.

(Header image: China Eastern Airlines planes on the runway at the Kunming Wujiaba International Airport in Yunnan province, May 31, 2009. Zhao Yun/Sixth Tone)