What’s the matter?
Air New Zealand suffered a data breach compromising Airpoints members’ personal information after two staffs had their accounts breached in a phishing attack.
Upon learning the incident, Air New Zealand launched an investigation and secured the two affected staff accounts. It has also notified the impacted customers about the breach.
What is the impact?
“While your Airpoints account was not accessed, some information relating to your membership profile may have been visible in our internal documents should these documents have been accessed. This will vary by member and could include details such as Airpoints number, members’ name, and email, as an example,” a spokesperson for the airline said, 1 News reported.
What was the response?
Air New Zealand’s regional general manager, loyalty and customer direct Jeremy O'Brien said in an email to members that the airline has reported the data breach incident to the appropriate regulatory authorities and has strengthened its security measures to avoid incidents from happening in the future.
“We have notified the relevant regulatory bodies. Unfortunately, malicious attacks of this nature are becoming more common around the world and we apologise to our customers for any inconvenience,” O’Brien said, NZ Herald reported.
“We're also focused on further hardening our security processes to help prevent any similar incidents from happening in the future. We would encourage you to be on the lookout for phishing emails over the next few months,” she added.
Recommendations from the airline
Air New Zealand provided a few tips on how to spot phishing emails listed below.
“Be cautious of emails:
If the email seems to be from someone you trust but is asking you to make an unusual financial transaction, call or text the real sender to check.
If you think you have been sent a phishing email, delete it immediately.”