Go Back  FlyerTalk Forums > Miles&Points > Airlines and Mileage Programs > Air New Zealand | Air Points
Reload this Page >

Air New Zealand customers told of Star Alliance data breach

Air New Zealand customers told of Star Alliance data breach

Old Mar 5, 21, 2:41 am
  #1  
Original Poster
 
Join Date: Sep 2010
Location: AKL
Programs: NZ*S
Posts: 86
Air New Zealand customers told of Star Alliance data breach

https://www.nzherald.co.nz/business/...5HS74CPBOKVVU/

Apparently "only a small subset of Airpoints customers have been impacted" although this line stuck out to me the most
Air New Zealand is not telling its customers which partner airline was affected
Why not?!
Deductions from my personal experience is that the 'culprit' is SQ
c3rn is offline  
Old Mar 5, 21, 8:47 am
  #2  
 
Join Date: Jan 2014
Location: SEA, DUD, GLA
Programs: NZ Elite (*G)
Posts: 520
Originally Posted by c3rn View Post
https://www.nzherald.co.nz/business/...5HS74CPBOKVVU/

Apparently "only a small subset of Airpoints customers have been impacted" although this line stuck out to me the most


Why not?!
Deductions from my personal experience is that the 'culprit' is SQ
I was notified my account was affected. I have never flown Singapore nor made any bookings through them, although I have used their lounge in LHR.
SeaProf is offline  
Old Mar 5, 21, 9:40 am
  #3  
 
Join Date: Apr 2013
Location: New Zealand (most of the time)
Programs: Air NZ Elite *G, Honors Gold, IHG Platinum Elite
Posts: 5,063
The NZ Herald seems pretty confused. If they'd done any basic research rather than just seemingly writing a story based on the Air NZ customer email they'd know this all relates to the SITA data breach.

No individual airline had a data breach - it was *G data that SITA had, hence it only affecting a small percentage of Airpoints customers who are Gold or Elite (and seemingly *G customer data for every *A airline).

https://www.sita.aero/pressroom/news-releases/sita-statement-about-security-incident/

Last edited by sbiddle; Mar 5, 21 at 9:47 am
sbiddle is online now  
Old Mar 5, 21, 12:00 pm
  #4  
 
Join Date: Jan 2016
Posts: 1,527
Is interesting SITA was pwned yet only the *G data for lounge access was accessed.

Given what else SITA does surprised the data accessed is so small.
nzkarit is offline  
Old Mar 5, 21, 5:51 pm
  #5  
 
Join Date: May 2014
Location: Brisbane, Australia
Posts: 682
Originally Posted by c3rn View Post
Deductions from my personal experience is that the 'culprit' is SQ
Not sure why you'd say that. SQ sent out an email very similar to Air NZ so it probably isn't them. A few on other threads are pointing the finger at Air India.
henrus is offline  
Old Mar 5, 21, 6:59 pm
  #6  
 
Join Date: Jan 2016
Posts: 1,527
Originally Posted by henrus View Post
Not sure why you'd say that. SQ sent out an email very similar to Air NZ so it probably isn't them. A few on other threads are pointing the finger at Air India.
SITA has said it was them.

See press release a few posts before

https://www.sita.aero/pressroom/news...rity-incident/

First sentence
SITA confirms that it was the victim of a cyber-attack, leading to a data security incident involving certain passenger data that was stored on SITA Passenger Service System (US) Inc. servers. Passenger Service System (US) Inc. (“SITA PSS”) operates passenger processing systems for airlines.
nzkarit is offline  
Old Mar 5, 21, 9:24 pm
  #7  
 
Join Date: Dec 2001
Location: Auckland, New Zealand
Programs: NZ *G
Posts: 355
What struck me was how blasé Air NZ was - the email I got even suggested I shouldn’t bother changing the password!
gratn is offline  
Old Mar 5, 21, 9:35 pm
  #8  
 
Join Date: Sep 2014
Location: South Island, New Zealand
Programs: Krisflyer, Qantas Frequent Flyer, Air NZ Airpoints, Koru, NZ*S and former *G
Posts: 310
I never received anything from NZ but did receive a notification from SQ, and it appears not them as their message starts off:

"SITA, an information technology company providing passenger service systems, has informed Singapore Airlines of a data security breach involving their passenger service systems’ (SITA PSS) servers. While Singapore Airlines is not a customer of the SITA PSS, another Star Alliance member airline is...."
ottiehund is offline  
Old Mar 5, 21, 10:11 pm
  #9  
 
Join Date: Jan 2016
Posts: 1,527
Originally Posted by gratn View Post
What struck me was how blasé Air NZ was - the email I got even suggested I shouldn’t bother changing the password!
Why change the password?

AirNZ only provides Name, Number and tier to this SITA system. Your AirNZ password or hash is not given to them. So there is no need to change your AirNZ password.

Sure the authentication credentials which AirNZ (and other airlines) uses to auth to this system will need to be changed, but there is no action for individual parties to do.
nzkarit is offline  
Old Mar 5, 21, 10:35 pm
  #10  
 
Join Date: Sep 2011
Location: New Zealand
Programs: Koru/*S, GHA Gold
Posts: 937
For those who didn't get the email, I've copied the one I got here (second time my Air NZ info has been leaked too, although last time it was a bit more info).

Kia ora Trumpkyn,

We have recently been alerted that a Star Alliance partner has been impacted by a security data breach, involving some of our customers’ data as well as that of many other Star Alliance airlines.

The Star Alliance member airlines share minimal frequent flyer data between each other and limited third parties to ensure benefits can be used across different carriers, for example access to member lounges.

Unfortunately, some of your information has been involved in this data breach however, this is limited to your name, tier status and membership number. This is the full extent of frequent flyer data Air New Zealand shares with other Star Alliance member airlines.

This data breach does not include any member passwords, credit card information or other personal customer data such as itineraries, reservations, ticketing, passport numbers, email addresses or other contact information.

What do you need to do?

You do not need to do anything. There is no need to change your password or take any other action. Air New Zealand takes data security and privacy seriously and we want to assure you we are working with Star Alliance to ensure stronger systems are in place to prevent any similar issues occurring in the future.

We do apologise for any inconvenience this has caused and if you have any further questions, please don’t hesitate to email us at [email protected]?subject=Se...0New%20Zealand

Ngā mihi nui,

Leanne Geraghty

Chief Customer and Sales Officer
Trumpkin is offline  
Old Mar 6, 21, 12:49 am
  #11  
 
Join Date: May 2014
Location: Brisbane, Australia
Posts: 682
Originally Posted by nzkarit View Post
SITA has said it was them.

See press release a few posts before

https://www.sita.aero/pressroom/news...rity-incident/

First sentence
Yes, I understand that but according to all the star alliance airlines (including the original Air NZ and SQ emails), there was just a single star alliance airline that was using the SITA product hence people are guessing at which single star alliance airline was using the SITA platform.

The breach also impacted oneworld airlines however I believe it was more than one in the alliance that was using the SITA platform.
henrus is offline  
Old Mar 8, 21, 3:00 pm
  #12  
 
Join Date: Apr 2016
Posts: 606
Originally Posted by sbiddle View Post
The NZ Herald seems pretty confused. If they'd done any basic research rather than just seemingly writing a story based on the Air NZ customer email they'd know this all relates to the SITA data breach.

No individual airline had a data breach - it was *G data that SITA had, hence it only affecting a small percentage of Airpoints customers who are Gold or Elite (and seemingly *G customer data for every *A airline).

https://www.sita.aero/pressroom/news...rity-incident/
I've never had *G / *E yet I got the email. I was previously *K and am currently *S. Not sure why my data would be exposed as *S as this doesn't grant lounge entry. I guess it makes sense to share it with other airlines for, say, priority standby.
codyc1515 is offline  
Old Mar 8, 21, 3:23 pm
  #13  
 
Join Date: Apr 2013
Location: New Zealand (most of the time)
Programs: Air NZ Elite *G, Honors Gold, IHG Platinum Elite
Posts: 5,063
*S data is shared as well
sbiddle is online now  
Old Mar 8, 21, 3:24 pm
  #14  
 
Join Date: Jan 2016
Posts: 1,527
Originally Posted by codyc1515 View Post
I've never had *G / *E yet I got the email. I was previously *K and am currently *S. Not sure why my data would be exposed as *S as this doesn't grant lounge entry. I guess it makes sense to share it with other airlines for, say, priority standby.
May be silver
Or koru for LAX entry?
nzkarit is offline  
Old Mar 8, 21, 4:01 pm
  #15  
 
Join Date: Apr 2013
Location: New Zealand (most of the time)
Programs: Air NZ Elite *G, Honors Gold, IHG Platinum Elite
Posts: 5,063
LAX *A lounge doesn't offer access to Koru members.
sbiddle is online now  

Thread Tools
Search this Thread
Search Engine: