itb-nz logo
Story image

Air NZ faces data breach after staff accounts phished

09 Aug 2019

Air New Zealand has suffered a data breach after two of its staff accounts were phished.

The carrier advised customers that while Airpoints loyalty accounts were not accessed, some information relating to membership profiles may have been visible on internal documents.

It sent out an email this afternoon advising customers of the breach.

The email also stated that credit card details and Airpoints passwords were not affected.

The breach comes on the back of UK airline carrier British Airways being hit with a US$230 million fine by a privacy watchdog for failing to protect its customers’ data in 2018.

Data compromised in that hack included login details, payment information, travel booking information, and addresses and affected anyone who booked a flight through the British Airways website over a two-week period.

In total, that came up to approximately 380,000 accounts.

The fine sets a tough precedent, making airline carriers realise they are targets for cyber-attacker for the customer information they hold, and that authorities expect them to take full responsibility for securing that data.

Air New Zealand loyalty and customer direct regional general manager Jeremy O’Brien says the company has secured the two affected staff accounts and are conducting a thorough investigation on the event.

“We’re also focused on further hardening our security processes to help prevent any similar incidents from happening in the future.”

He encouraged customers to be on the lookout for phishing emails over the next few months, reminding them that they will never ask for credit card details or login information in an email.

The company also included the following tips on how to spot phishing emails:

Phishing scams can be very sophisticated.

If your personal information was exposed in this recent incident, it could possibly be used to create authentic-looking hoax emails.

They could include your name and your Airpoints number, for example.

Please be cautious of emails that:

  • Appear to be from Air New Zealand, but are not from one of our mailing addresses which usually end in airnz.co.nz, airnewzealand.co.nz or grabaseat.co.nz
  • Make urgent appeals for fast action
  • Ask you to make an online payment
  • Include attachments that may contain viruses
  • Contain links to sites that are malicious or unsavoury

If the email seems to be from someone you trust but is asking you to make an unusual financial transaction, call or text the real sender to check.

If you think you have been sent a phishing email, delete it immediately.

For more information on phishing emails visit CERT NZ, the New Zealand Government’s cybersecurity advisory service, or Netsafe NZ.

Story image
Advertisers modelling GFC behaviour as Facebook ad costs tank and Google Ads rise 
"Marketers are looking to prove return on investment by spending on what is measurable and targeting customers who are already searching and already in the click and buy cycle."More
Link image
Zendesk Showcase: A CX event for these topsy-turvy times
The world is in uncharted territory – there is no blueprint for doing business right now. Each day brings new challenges. Join business leaders to share your thoughts and learn how to thrive in the face of adversity.More
Link image
Malware campaigns leverage encryption to dodge enterprise detection
Get the hard data about SSL/TLS usage and upgrading your organisation's security posture.More
Story image
Cloud-scale connectivity with consistent security
Organisations should look towards SD-WAN solutions that support multiple administrative domains for isolating and separating lifecycle management, as well as the operations, or each business unit’s SD-WAN. More
Link image
Network on TAP: Visibility made easy
Test Access Points (TAPS) connect to cabling infrastructure to conduct packet monitoring – and they’re the most effective way to copy traffic across a system. Put this tried-and-true visibility device to work for you today.More
Story image
AIOps and the evolution of IT infrastructure monitoring
As companies adapt to ongoing digital transformation, they will soon realise that they need more than just a dedicated IT team to view and manage the company’s IT infrastructure. That’s where AIOps comes in.More