Air New Zealand sent out emails to a number of AirPoints users about a possible breach, resulting of a phishing attack that managed to gain access to a couple of staff accounts.
While they say passwords and credit card numbers were not leaked, I am always on the side of "change it now".
While at it, remember to not re-use passwords between different services.