Two employees of Air New Zealand had their accounts compromised from a phishing attack which led to the breach. The breach affected 3.5 percent of the 3.2 million Air New Zealand Airpoints members which totals out to around 112,000 people. Information that is associated with the Airpoints members’ profiles were exposed though the staff accounts, but luckily no credit card information was able to be accessed. “While your Airpoints account was not accessed, some information relating to your membership profile may have been visible in our internal documents should these documents have been accessed. This will vary by member and could include details such as Airpoints number, members’ name, and email, as an example,” stated an airline spokesperson. The regional general manager for the airline has verified that the proper entities have been notified and he assured that their security parameters have been strengthened so that a similar incident does not occur in the future.
Analyst Notes
The airline provided a few tips that ask employees and customers to be wary of emails that appear to be from Air New Zealand but are not from one of their mailing addresses which usually end in airnz.co.nz, airnewzealand.co.nz or grabaseat.co.nz. Other emails may make urgent appeals for fast action, ask for online payment to be made, include attachments that may contain viruses, and contain links to sites that are malicious or unsavory.
