A software glitch in Singapore Airlines website caused an information break affecting 285 clients, out of which 278 clients’ private data such as customers’ names, email addresses, account numbers, membership tier statuses, KrisFlyer miles, recent miles transactions, upcoming flights, and KrisFlyer rewards were compromised.
The remaining seven clients’ visa details were endangered, a representative for Singapore Airlines said. In any case, the representative affirmed that no changes were made to clients’ records and no credit card details were endangered.
“The ‘software bug’ surfaced after changes were made to the Singapore carrier’s website on January 4 and enabled some of its KrisFlyer members to view information belonging to other travellers,” Singapore Airlines told ZDNet in an email.
A representative for Singapore Airlines confirmed the rupture and told that the episode occurred between 2 am and 12.15 pm, Singapore time, on 4 January 2019. He further affirmed this was a one-off software bug and not a consequence of a third party’s breach of their frameworks or individuals’ records.
After learning about the episode, Singapore Airlines revealed the occurrence to Singapore’s Personal Data Protection Commission. The aircraft said that it will advise all the influenced clients about the break.
One client could see personal details of other people
Prior that day, a SIA client named Tricia Leo revealed that she had the ability to see another person’s private information subsequent to signing into her KrisFlyer account by using her login credentials only.
These details incorporated the other member’s upcoming trip, such as the destination and departure date, as well as his recent transaction details which include the number of miles he has converted using points from his credit card and a recent trip he took to Tokyo.
At the point when Leo reached SIA’s customer hotline, the call operator educated her that the aircraft was performing a system upgrade and instructed her to log out the account and log back in after 24 hours.
“Such incidents are unacceptable for a company as big as Singapore Airlines. How can you do a system upgrade without proper testing?” Leo said.
“It’s frustrating that we’re held hostage by these companies that demand our personal details, but don’t keep the data safe. When you ask for my personal data, I expect you to have the technology and systems in place to keep it secured,” Leo added.
Leo further stated that the legislatures need to impose fines and develop stringent policies that will make these organizations consider security more seriously. Call centres, such as SIA’s, likewise should be better trained to manage such occurrences.
Notably, Singapore’s Personal Data Protection Commission manages issues related with individual information insurance and upholds the nation’s Personal Data Protection Act. Under this act, the organizations that are found to have ruptured the stipulated tenets can be fined up to S$10,000 (US$7,325) per customer complaint or face a maximum penalty of S$1 million (US$732,532).