FlyerTalk Forums
Page 1 of 2
1
2
Show 40 post(s) from this thread on one page

FlyerTalk Forums (https://www.flyertalk.com/forum/index.php)
-   Air New Zealand | Air Points (https://www.flyertalk.com/forum/air-new-zealand-air-points-440/)
-   -   Air New Zealand customers told of Star Alliance data breach (https://www.flyertalk.com/forum/air-new-zealand-air-points/2035288-air-new-zealand-customers-told-star-alliance-data-breach.html)

c3rn Mar 5, 2021 2:41 am
Air New Zealand customers told of Star Alliance data breach
 
https://www.nzherald.co.nz/business/...5HS74CPBOKVVU/

Apparently "only a small subset of Airpoints customers have been impacted" although this line stuck out to me the most
Air New Zealand is not telling its customers which partner airline was affected
Why not?!
Deductions from my personal experience is that the 'culprit' is SQ

SeaProf Mar 5, 2021 8:47 am
Originally Posted by c3rn (Post 33078673)
https://www.nzherald.co.nz/business/...5HS74CPBOKVVU/

Apparently "only a small subset of Airpoints customers have been impacted" although this line stuck out to me the most


Why not?!
Deductions from my personal experience is that the 'culprit' is SQ
I was notified my account was affected. I have never flown Singapore nor made any bookings through them, although I have used their lounge in LHR.

sbiddle Mar 5, 2021 9:40 am
The NZ Herald seems pretty confused. If they'd done any basic research rather than just seemingly writing a story based on the Air NZ customer email they'd know this all relates to the SITA data breach.

No individual airline had a data breach - it was *G data that SITA had, hence it only affecting a small percentage of Airpoints customers who are Gold or Elite (and seemingly *G customer data for every *A airline).

https://www.sita.aero/pressroom/news-releases/sita-statement-about-security-incident/

nzkarit Mar 5, 2021 12:00 pm
Is interesting SITA was pwned yet only the *G data for lounge access was accessed.

Given what else SITA does surprised the data accessed is so small.

henrus Mar 5, 2021 5:51 pm
Originally Posted by c3rn (Post 33078673)
Deductions from my personal experience is that the 'culprit' is SQ
Not sure why you'd say that. SQ sent out an email very similar to Air NZ so it probably isn't them. A few on other threads are pointing the finger at Air India.

nzkarit Mar 5, 2021 6:59 pm
Originally Posted by henrus (Post 33080611)
Not sure why you'd say that. SQ sent out an email very similar to Air NZ so it probably isn't them. A few on other threads are pointing the finger at Air India.
SITA has said it was them.

See press release a few posts before

https://www.sita.aero/pressroom/news...rity-incident/

First sentence
SITA confirms that it was the victim of a cyber-attack, leading to a data security incident involving certain passenger data that was stored on SITA Passenger Service System (US) Inc. servers. Passenger Service System (US) Inc. (“SITA PSS”) operates passenger processing systems for airlines.

gratn Mar 5, 2021 9:24 pm
What struck me was how blasé Air NZ was - the email I got even suggested I shouldn’t bother changing the password!

ottiehund Mar 5, 2021 9:35 pm
I never received anything from NZ but did receive a notification from SQ, and it appears not them as their message starts off:

"SITA, an information technology company providing passenger service systems, has informed Singapore Airlines of a data security breach involving their passenger service systems’ (SITA PSS) servers. While Singapore Airlines is not a customer of the SITA PSS, another Star Alliance member airline is...."

nzkarit Mar 5, 2021 10:11 pm
Originally Posted by gratn (Post 33080845)
What struck me was how blasé Air NZ was - the email I got even suggested I shouldn’t bother changing the password!
Why change the password?

AirNZ only provides Name, Number and tier to this SITA system. Your AirNZ password or hash is not given to them. So there is no need to change your AirNZ password.

Sure the authentication credentials which AirNZ (and other airlines) uses to auth to this system will need to be changed, but there is no action for individual parties to do.

Trumpkin Mar 5, 2021 10:35 pm
For those who didn't get the email, I've copied the one I got here (second time my Air NZ info has been leaked too, although last time it was a bit more info).

Kia ora Trumpkyn,

We have recently been alerted that a Star Alliance partner has been impacted by a security data breach, involving some of our customers’ data as well as that of many other Star Alliance airlines.

The Star Alliance member airlines share minimal frequent flyer data between each other and limited third parties to ensure benefits can be used across different carriers, for example access to member lounges.

Unfortunately, some of your information has been involved in this data breach however, this is limited to your name, tier status and membership number. This is the full extent of frequent flyer data Air New Zealand shares with other Star Alliance member airlines.

This data breach does not include any member passwords, credit card information or other personal customer data such as itineraries, reservations, ticketing, passport numbers, email addresses or other contact information.

What do you need to do?

You do not need to do anything. There is no need to change your password or take any other action. Air New Zealand takes data security and privacy seriously and we want to assure you we are working with Star Alliance to ensure stronger systems are in place to prevent any similar issues occurring in the future.

We do apologise for any inconvenience this has caused and if you have any further questions, please don’t hesitate to email us at [email protected]?subject=Se...0New%20Zealand

Ngā mihi nui,

Leanne Geraghty

Chief Customer and Sales Officer

henrus Mar 6, 2021 12:49 am
Originally Posted by nzkarit (Post 33080697)
SITA has said it was them.

See press release a few posts before

https://www.sita.aero/pressroom/news...rity-incident/

First sentence
Yes, I understand that but according to all the star alliance airlines (including the original Air NZ and SQ emails), there was just a single star alliance airline that was using the SITA product hence people are guessing at which single star alliance airline was using the SITA platform.

The breach also impacted oneworld airlines however I believe it was more than one in the alliance that was using the SITA platform.

codyc1515 Mar 8, 2021 3:00 pm
Originally Posted by sbiddle (Post 33079329)
The NZ Herald seems pretty confused. If they'd done any basic research rather than just seemingly writing a story based on the Air NZ customer email they'd know this all relates to the SITA data breach.

No individual airline had a data breach - it was *G data that SITA had, hence it only affecting a small percentage of Airpoints customers who are Gold or Elite (and seemingly *G customer data for every *A airline).

https://www.sita.aero/pressroom/news...rity-incident/
I've never had *G / *E yet I got the email. I was previously *K and am currently *S. Not sure why my data would be exposed as *S as this doesn't grant lounge entry. I guess it makes sense to share it with other airlines for, say, priority standby.

sbiddle Mar 8, 2021 3:23 pm
*S data is shared as well

nzkarit Mar 8, 2021 3:24 pm
Originally Posted by codyc1515 (Post 33086460)
I've never had *G / *E yet I got the email. I was previously *K and am currently *S. Not sure why my data would be exposed as *S as this doesn't grant lounge entry. I guess it makes sense to share it with other airlines for, say, priority standby.
May be silver
Or koru for LAX entry?

sbiddle Mar 8, 2021 4:01 pm
LAX *A lounge doesn't offer access to Koru members.


All times are GMT -6. The time now is 10:03 am.
Page 1 of 2
1
2
Show 40 post(s) from this thread on one page


This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.