Although Singapore Airlines admitted this week that the personal information from hundreds of frequent flyer accounts was compromised, the company says that the security lapse which exposed passenger details including travel histories and, in some cases, passport numbers, was the result of a computer bug rather than outside hackers.
Singapore Airlines is the latest travel industry institution to fail to protect travelers’ sensitive personal information. In this case, however, the carrier says that the lapse which compromised the details of nearly 300 frequent flyers, was the result of a computer glitch rather than a cyber attack.
According to the tech news site ZDNet, the airline confirmed that detailed information about 285 of its frequent flyers, including travel histories, was exposed by a software bug. The carrier said passengers’ names, passport details, email addresses, account numbers, upcoming flights and travel histories may have been inadvertently made public for a brief period of time earlier this month.
“We have established that this was a one-off software bug and was not the result of an external party’s breach of our systems or members’ accounts,” an airline spokesperson told ZDNet’s Eileen Yu in a statement. “The period during which the incident occurred was between 2am and 12.15pm, Singapore time, on 4 January 2019, at which point the issue was resolved.”
According to Singapore Airlines, an internal audit identified the affected passengers. The carrier says those flyers have all been informed of the breach. The company added that there is no indication that any credit card details were exposed as a result of the glitch.
ZDNet earlier reported that at least one frequent flyer contacted the airline to inform them that he was able to view fellow flyers’ personal details after logging in to his KrisFlyer account. That passenger claimed he was told by the carrier that the issue was due to a “system upgrade” and then told simply to log out until the following day.