Over 100,000 Air New Zealand Airpoints customers have been affected.
A phishing attack has exposed the personal information of approximately 112,000 Airpoints customers, with names, details and Airpoints numbers among data compromised.
Air New Zealand notified the New Zealand’s Office of the Privacy Commissioner about the breach on July 31, however customers were only informed about the attack on August 9.
The airline emailed the impacted customers apologising about the breach and warning them to keep an eye out for any phishing emails.
In a statement, Air New Zealand stated that Airpoints accounts were not accessed, and Airpoints passwords and credit card details were not affected. However some membership profile information may have been visible to internal documents “should these documents have been accessed.”
An investigation is being conducted into the breach, and currently only two affected accounts have been secured.
Jeremy O’Brien, spokesperson from Air New Zealand commented:
“We’re also focused on further hardening our security processes to help prevent any similar incidents from happening in the future”
Dr Panos Patros, a cybersecurity specialist at the University of Waikato, has commented that the breach could become more of an inconvenience for affected customers than thought, with victims having to deal with the long term consequences of their data being exposed.
“The problem is, the moment things are out there, then they can be used as a means to gain further information. Because now they have something of you so then they can use it in another attack or to confuse someone else.”
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/