Singapore Airlines (SIA) says a software glitch was the cause of a data breach that affected 284 members of its frequent flyer programme, compromising various personal information including passport and flight details.
The "software bug" surfaced after changes were made to the Singapore carrier's website on January 4 and enabled some of its Krisflyer members to view information belonging to other travellers[1], SIA told ZDNet in an email.
A spokesperson said a review of its system logs revealed 284 such cases, of which 277 might have exposed the member's name, email address, account number, membership tier status, Krisflyer miles, recent miles transactions, upcoming flights, and Krisflyer rewards.
The remaining seven accounts might have had their passport details compromised, said the spokesperson, who added that no changes were made to the members' accounts and no credit card details were compromised.
"We have established that this was a one-off software bug and was not the result of an external party's breach of our systems or members' accounts. The period during which the incident occurred was between 2am and 12.15pm, Singapore time, on 4 January 2019, at which point the issue was resolved," the spokesperson said.
The airline said it would contact all affected customers and had "voluntarily informed" Singapore's Personal Data Protection Commission about the data breach.
The commission oversees issues related to personal data protection and enforces the country's Personal Data Protection Act[2], in which companies found to have breached stipulated rules can be fined up to S$10,000 (US$7,325) per customer complaint or face a maximum penalty of S$1 million (US$732,532).
ZDNet earlier today reported[3] that an SIA customer was able to view someone else's personal data after logging into her Krisflyer