Air New Zealand customers told of Star Alliance data breach
https://www.nzherald.co.nz/business/...5HS74CPBOKVVU/
Apparently "only a small subset of Airpoints customers have been impacted" although this line stuck out to me the most Air New Zealand is not telling its customers which partner airline was affected Deductions from my personal experience is that the 'culprit' is SQ |
Originally Posted by c3rn
(Post 33078673)
https://www.nzherald.co.nz/business/...5HS74CPBOKVVU/
Apparently "only a small subset of Airpoints customers have been impacted" although this line stuck out to me the most Why not?! Deductions from my personal experience is that the 'culprit' is SQ |
The NZ Herald seems pretty confused. If they'd done any basic research rather than just seemingly writing a story based on the Air NZ customer email they'd know this all relates to the SITA data breach.
No individual airline had a data breach - it was *G data that SITA had, hence it only affecting a small percentage of Airpoints customers who are Gold or Elite (and seemingly *G customer data for every *A airline). https://www.sita.aero/pressroom/news-releases/sita-statement-about-security-incident/ |
Is interesting SITA was pwned yet only the *G data for lounge access was accessed.
Given what else SITA does surprised the data accessed is so small. |
Originally Posted by c3rn
(Post 33078673)
Deductions from my personal experience is that the 'culprit' is SQ
|
Originally Posted by henrus
(Post 33080611)
Not sure why you'd say that. SQ sent out an email very similar to Air NZ so it probably isn't them. A few on other threads are pointing the finger at Air India.
See press release a few posts before https://www.sita.aero/pressroom/news...rity-incident/ First sentence SITA confirms that it was the victim of a cyber-attack, leading to a data security incident involving certain passenger data that was stored on SITA Passenger Service System (US) Inc. servers. Passenger Service System (US) Inc. (“SITA PSS”) operates passenger processing systems for airlines. |
What struck me was how blasé Air NZ was - the email I got even suggested I shouldn’t bother changing the password!
|
I never received anything from NZ but did receive a notification from SQ, and it appears not them as their message starts off:
"SITA, an information technology company providing passenger service systems, has informed Singapore Airlines of a data security breach involving their passenger service systems’ (SITA PSS) servers. While Singapore Airlines is not a customer of the SITA PSS, another Star Alliance member airline is...." |
Originally Posted by gratn
(Post 33080845)
What struck me was how blasé Air NZ was - the email I got even suggested I shouldn’t bother changing the password!
AirNZ only provides Name, Number and tier to this SITA system. Your AirNZ password or hash is not given to them. So there is no need to change your AirNZ password. Sure the authentication credentials which AirNZ (and other airlines) uses to auth to this system will need to be changed, but there is no action for individual parties to do. |
For those who didn't get the email, I've copied the one I got here (second time my Air NZ info has been leaked too, although last time it was a bit more info).
Kia ora Trumpkyn, We have recently been alerted that a Star Alliance partner has been impacted by a security data breach, involving some of our customers’ data as well as that of many other Star Alliance airlines. The Star Alliance member airlines share minimal frequent flyer data between each other and limited third parties to ensure benefits can be used across different carriers, for example access to member lounges. Unfortunately, some of your information has been involved in this data breach however, this is limited to your name, tier status and membership number. This is the full extent of frequent flyer data Air New Zealand shares with other Star Alliance member airlines. This data breach does not include any member passwords, credit card information or other personal customer data such as itineraries, reservations, ticketing, passport numbers, email addresses or other contact information. What do you need to do? You do not need to do anything. There is no need to change your password or take any other action. Air New Zealand takes data security and privacy seriously and we want to assure you we are working with Star Alliance to ensure stronger systems are in place to prevent any similar issues occurring in the future. We do apologise for any inconvenience this has caused and if you have any further questions, please don’t hesitate to email us at [email protected]?subject=Se...0New%20Zealand Ngā mihi nui, Leanne Geraghty Chief Customer and Sales Officer |
Originally Posted by nzkarit
(Post 33080697)
SITA has said it was them.
See press release a few posts before https://www.sita.aero/pressroom/news...rity-incident/ First sentence The breach also impacted oneworld airlines however I believe it was more than one in the alliance that was using the SITA platform. |
Originally Posted by sbiddle
(Post 33079329)
The NZ Herald seems pretty confused. If they'd done any basic research rather than just seemingly writing a story based on the Air NZ customer email they'd know this all relates to the SITA data breach.
No individual airline had a data breach - it was *G data that SITA had, hence it only affecting a small percentage of Airpoints customers who are Gold or Elite (and seemingly *G customer data for every *A airline). https://www.sita.aero/pressroom/news...rity-incident/ |
*S data is shared as well
|
Originally Posted by codyc1515
(Post 33086460)
I've never had *G / *E yet I got the email. I was previously *K and am currently *S. Not sure why my data would be exposed as *S as this doesn't grant lounge entry. I guess it makes sense to share it with other airlines for, say, priority standby.
Or koru for LAX entry? |
LAX *A lounge doesn't offer access to Koru members.
|
All times are GMT -6. The time now is 10:03 am. |
This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.