The baggage industry boldly trumpets the security of its products, promising 'worry-free travel'. But in just a couple of distracted minutes, your stored valuables could be stolen.
Using a key printed on a 3D printer, our investigators discovered that they could potentially open the luggage locks of almost any bag in the world.
More than four years ago, the master keys for luggage locks fitted to the majority of suitcases and cabin bags were leaked, yet the Transportation Security Administration (TSA) - effectively the US version of the UK Border Force - continues to advise travellers to only use its approved locks.
Any luggage taken to the US must be able to be opened by TSA staff or have official TSA-accepted locks giving agents access if they need it. Such locks are used by 500 luggage and padlocks brands globally, so chances are that your luggage has one.
There are seven TSA-accepted luggage locks - from 001 to 007. In 2014, a US newspaper published a story about the TSA, which was accompanied by photos of a complete set of the master keys. The photos were quickly taken down from the newspaper's website, but not before the keys were replicated and templates posted on the internet.
That was more than four years ago, yet bags are still being sold with the same TSA locks. And, as we've found out, the templates to the leaked keys still work.
After locating the template for TSA 007, which most bags on sale use, we were able to print a key using a £200 3D printer.
It fitted fine in a range of suitcases, including bags we owned by Samsonite, Antler and American Tourister, but lacked the strength to be truly usable. So we contacted an online 3D printer service and ordered them in stainless steel - all with no questions asked.
Without needing any significant technical skill, a thief with similar printed keys could spot TSA locks on luggage in an airport, train station or hotel, and then easily take the contents inside.
Samsonite (which also owns American Tourister) told us that it makes premium luggage with the 'highest-quality locking systems'. But the company did advise customers to 'be vigilant when travelling and to not leave luggage unattended.'
It also said that after the TSA breach in 2014, it worked with its locks partner, Travel Sentry, to assess the impact.
Travel Sentry, which runs the global 'TSA Lock' security system across 650 airports in 30 countries, told us that it took the 2014 key leak seriously, but claimed that it had no perceptible impact on travellers' property security.
It said that most luggage crimes involve thieves accessing bags using brute force rather than a key. It claimed that its locking system gives travellers a 'measure of security' while also enabling the TSA to get into their bags if needed. It added that a locked piece of luggage is 'still a proven deterrent to theft and tampering'.
We received no response from the TSA when we asked it to comment.
The TSA locks are a physical example of what's known as a 'back door' - effectively a built-in way for authorities to breach security for a legitimate reason. However, it's a big problem when the back door is open for anybody to enter.
Thousands, possibly millions, of luggage items (along with TSA-accepted padlocks and other locks) are at risk from theft due to this flaw, yet nothing has been done in more than four years since the leak.
Our investigators found that a cheap padlock from a DIY store actually offers better protection against luggage theft.
If you're travelling to the US, keep your bag locked with the padlock until you get to the airport, and then remove it. That way, you can have a decent level of security, while also complying with US air travel rules.