itb-nz logo
Story image

Air NZ faces data breach after staff accounts phished

09 Aug 2019

Air New Zealand has suffered a data breach after two of its staff accounts were phished.

The carrier advised customers that while Airpoints loyalty accounts were not accessed, some information relating to membership profiles may have been visible on internal documents.

It sent out an email this afternoon advising customers of the breach.

The email also stated that credit card details and Airpoints passwords were not affected.

The breach comes on the back of UK airline carrier British Airways being hit with a US$230 million fine by a privacy watchdog for failing to protect its customers’ data in 2018.

Data compromised in that hack included login details, payment information, travel booking information, and addresses and affected anyone who booked a flight through the British Airways website over a two-week period.

In total, that came up to approximately 380,000 accounts.

The fine sets a tough precedent, making airline carriers realise they are targets for cyber-attacker for the customer information they hold, and that authorities expect them to take full responsibility for securing that data.

Air New Zealand loyalty and customer direct regional general manager Jeremy O’Brien says the company has secured the two affected staff accounts and are conducting a thorough investigation on the event.

“We’re also focused on further hardening our security processes to help prevent any similar incidents from happening in the future.”

He encouraged customers to be on the lookout for phishing emails over the next few months, reminding them that they will never ask for credit card details or login information in an email.

The company also included the following tips on how to spot phishing emails:

Phishing scams can be very sophisticated.

If your personal information was exposed in this recent incident, it could possibly be used to create authentic-looking hoax emails.

They could include your name and your Airpoints number, for example.

Please be cautious of emails that:

  • Appear to be from Air New Zealand, but are not from one of our mailing addresses which usually end in, or
  • Make urgent appeals for fast action
  • Ask you to make an online payment
  • Include attachments that may contain viruses
  • Contain links to sites that are malicious or unsavoury

If the email seems to be from someone you trust but is asking you to make an unusual financial transaction, call or text the real sender to check.

If you think you have been sent a phishing email, delete it immediately.

For more information on phishing emails visit CERT NZ, the New Zealand Government’s cybersecurity advisory service, or Netsafe NZ.

Link image
Need better security now your workforce is remote? Get it for free
Remote working comes with all kinds of cybersecurity risks. Protect your business by leveraging multi-factor authentication, biometrics and push notification software for free.More
Link image
Take advantage of free multi-factor authentication as you work remotely
Cybersecurity is shaping up to be one of the most important areas to consider while working from home. Leverage biometrics and password authentication for free with RSA.More
Story image
Microsoft Teams announces commitment to privacy in wake of Zoom woes
Microsoft 365 corporate vice president Jared Spataro says the Teams platform already has strong security and privacy policies in place, and committed to upholding them throughout this era of uncertainty.More
Story image
IBM integrates Okta identity solutions to cloud offerings
“We’re excited to formalise the partnership to provide our joint customers with the technology to help secure their organisations.”More
Link image
AvePoint Free Webinar: Maximise productivity using Microsoft Teams Template
As more workers turn to Microsoft Teams for remote productivity, learn how to leverage the Teams Template functionality when creating new Teams and how to provide unique provisioning, sharing and other settings for different departments.More
Story image
The COVID-19 fight: InternetNZ to hold online meeting on contact tracing technology
New Zealand Prime Minister Jacinda Ardern announced contact tracing technology will be one of the three pillars in New Zealand's strategy to contain COVID-19.More