The airline has sent out emails to roughly 70,000 members, representing roughly 3.5% of its entire program membership, whose information was compromised.
Here’s an excerpt from the NZHerald (access their piece here):
While Airpoints accounts, passwords and credit card details were not accessed, the airline says some information relating to membership profiles may have been compromised.
”We’re sorry to advise that some of your personal information may have been affected by a recent phishing incident relating to two Air New Zealand staff accounts,” the airline’s regional general manager, loyalty and customer direct Jeremy O’Brien said in an email to members.
”We have notified the relevant regulatory bodies. Unfortunately, malicious attacks of this nature are becoming more common around the world and we apologise to our customers for any inconvenience,” she said.
It seems that this hack has mainly affected elite members of its Airpoints program. The airline is unclear, doesn’t know, or is not willing to convey exactly what information was leaked.
Blaming two staff accounts and phishing is a very bad excuse. Their systems weren’t properly secured if these accounts were compromised and used to extract member information from the Airpoints program.