Home News Software bug leaks personal data of 285 Singapore Airlines’ fliers

Software bug leaks personal data of 285 Singapore Airlines’ fliers

Singapore Airlines

A software glitch possibly exposed personal information of 285 members who used the Singapore Airlines (SIA) services. The Singapore flag carrier stated that a bug in its website caused a data leakage of KrisFlyer, a regular flyer program of Singapore Airlines.

The bug exposed KrisFlyer customers’ personal information, including the member’s full name, email address, membership tier, account number, the accumulated miles/rewards, travel history, passport, and flight information, according to Straitstimes.

The officials at SIA stated that the incident occurred on January 04, 2019, from 2:00 am to 12:15 pm when two or more users logged in to their KrisFlyer accounts at the same time. The airline stated that it has informed Singapore’s Personal Data Protection Commission about the customer information leakage and also notifying the affected customers.

“We have established that this was a one-off software bug and was not the result of an external party’s breach of our systems or members’ accounts. The issue has been resolved and we will carry out a detailed review to ensure this will not happen again,” the airline said in a statement.

“The protection of our customers’ personal data is of utmost importance to SIA, and we sincerely regret the incident,” it added.

The data hacks/breaches have become common in the airline industry. In September 2018, a cyber-attack at Bristol Airport caused technical issues which led to the malfunction of flight information screens. The airport authorities notified that the customers were unable to read any arrival or departure information as the flight information screens went blank.

In a similar incident, British Airways announced that its payment website was compromised, affecting 185,000 customers who made reward bookings between April 21 and July 28, 2018, using a payment card. The airline discovered the incident while investigating on its previous breach that occurred in September 2018, which affected 380,000 transactions.