What actually happened?
As a result to two staff members’ accounts becoming prey to phishing, a data breach at Air New Zealand compromised the personal information of over 100,000 Airpoints members.
When this incident came to light, Air New Zealand did not waste any time and launched an investigation which resulted in securing both the affected accounts along with informing affected customers on the breach.
What was the outcome?
- Nearly 3.5% of the total of 3.2 million customers of Air New Zealand were affected. Which is estimated to be 112000 people.
- The two staff’s affected accounts led to the expose of customer’s memberships and personal information to the attackers.
- Nevertheless, neither any credit card details nor any Airpoints accounts were compromised as a result of the breach.
How did Air New Zealand respond?
The regional general manager at Air New Zealand, Jeremy O’Brien stated in an email to the customers that the breach was reported by the airline to the authorities that have then strengthened their security measures to prevent future mishaps of the same kind.
The statement Jeremy gave to the NZ Herald said that they notified the regulatory bodies but attacks of such harmful nature are, unfortunately, becoming common globally and that they have apologized to their customers for the inconvenience.
Recommendations from Air New Zealand
Following the unfortunate event, the airline provided some pointers on how to efficiently spot phishing emails, which are to be cautious of emails that:
- Appear as if they are from Air New Zealand but not from the mailing addresses that end in airnewzealand.co.nz, airnz.co.nz, or grabaseat.co.nz.
- Make emergency appeals for action.
- Request you to make a payment online.
- Include suspicious attachments that contain viruses.
- Ask you to click on links to sites that will be malicious.
- If the email appears to be coming from a trusted site, person but asks you to do something unusual like make an online transaction or text or call the sender, etc.
Lastly, the airline suggested that if you suspect of having received a phishing email, you should delete it immediately.