Air NZ warns frequent flyers of data breach

Flights must be taken by June 30 in 2023. This applies to both domestic and international credits...
The information affected is limited to name, tier status and membership number of an undisclosed number of customers. Photo: NZ Herald
Air New Zealand says an alliance partner has been hit by a security data breach involving some of its customers' data.

The airline is part of the 26-member Star Alliance and says it shares ''minimal'' frequent flyer data with others within the group so passengers can gain access to each other's lounges.

The information affected is limited to name, tier status and membership number of an undisclosed number of customers.

A spokeswoman said: ''Only a small subset of Airpoints customers have been impacted.''.

Some high tier Airpoints members have been contacted about the problem today.

The airline was hit by a similar breach less than two years ago when staff accounts were victims of a phishing scam and around 100,000 customers could have been affected.

Air New Zealand is not telling its customers which partner airline was affected.

Today fellow alliance member Singapore Airlines also reported data belonging to 580,000 frequent flyer members had been compromised in a cybersecurity attack that originally hit air transport communications and IT vendor, SITA.

Air New Zealand chief customer and sales officer Leanne Geraghty said this data breach did not include any member passwords, credit card information or other customer data such as itineraries, reservations, ticketing, passport numbers, email addresses or other contact information.

''We take customer data security and privacy seriously and we want to assure our customers we are working with Star Alliance to ensure stronger systems are in place to prevent something similar happening in the future,'' she said.

In 2019 a data breach has exposed up to 112,000 Air New Zealand Airpoints customers to long-term privacy concerns.

Exposed data included information associated with members' visible in internal documents.

This varied by member and could include details such as Airpoints number, members' name and email.

A very small number of limited passport details could have potentially been visible in internal documents, should these documents have been accessed, the airline said at the time.