The data on about 285 Singapore Airlines’ Krisflyer frequent flyer program members was exposed after a software glitch following a website update allowed frequent flyers see the data of others.
"I saw that my miles were significant(ly) lower and I had a different Elite status than what was shown on screen, so I initially thought my account had been hacked” before realizing that the data belonged to another person, airline customer Tricia Leo said, according to ZDNet. "So, that meant that if I made any changes to my account or flight, those personal details of mine would be emailed to a total stranger."
Leo said she reported the incident and was told by the airline it was the result of a software bug.
“Recent data breaches in the aviation industry, like the latest Singapore Airlines incident, should serve as a wake-up call,” said Setu Kulkarni, vice president of corporate strategy at WhiteHat Security. “For all intents and purposes, today’s airlines are tech companies, and they need to implement security as such.”
Calling for a change in the way that the airline industry approaches security, Kulkarni said, Instead of thinking about ‘what we need to secure,’ airlines should focus on ‘who we need to secure’ – in other words, airlines need to model their security endeavors around the hundreds of thousands of customers who trust them to protect the private information they are required to share in order to fly.”
Ryan Wilk, vice president of customer success for NuData Security, a Mastercard company, said,“Whether it be a software glitch or data breach, companies need to mitigate the damage from exposed data by” leveraging new technologies “to correctly identify customers by their behavior online rather than by credentials that have been stolen.”