[BreachExchange] Air New Zealand data breach: Over 100, 000 Airpoints customers potentially affected

Destry Winant destry at riskbasedsecurity.com
Mon Aug 12 10:20:26 EDT 2019


Air New Zealand is warning over 100,000 Airpoints members that some of
their data may have been breached in a cyber attack.

The airline emailed customers today apologising and warning them to be
on the lookout for phishing emails.

The Privacy Commissioner John Edwards told 1 NEWS he was made aware of
the issue on July 31.

"We're sorry to advise that some of your personal information may have
been affected by a recent phishing incident relating to two Air New
Zealand staff accounts," spokesperson Jeremy O'Brien said.

The company said they have about 3.2 million Airpoints members and
about 3.5 per cent of them may have been impacted.

It said they had contacted the 112,000 potentially affected customers directly.

"While your Airpoints account was not accessed, some information
relating to your membership profile may have been visible in our
internal documents should these documents have been accessed. This
will vary by member and could include details such as Airpoints
number, members’ name and email, as an example."

"Your Airpoints password and your credit card details are not affected.

"We have secured the two affected accounts and are conducting a
thorough investigation.

"We're also focused on further hardening our security processes to
help prevent any similar incidents from happening in the future.

"We would encourage you to be on the lookout for phishing emails over
the next few months."

More information about the BreachExchange mailing list