Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

#254376 9-Aug-2019 15:54
Send private message

Air New Zealand sent out emails to a number of AirPoints users about a possible breach, resulting of a phishing attack that managed to gain access to a couple of staff accounts.

 

While they say passwords and credit card numbers were not leaked, I am always on the side of "change it now".

 

While at it, remember to not re-use passwords between different services.

 





Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup


View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3
PeterReader
6018 posts

Uber Geek

Trusted
Geekzone
Lifetime subscriber

  #2293040 9-Aug-2019 15:54
Send private message

Allow me to introduce you folks to our new travel community: TravelTalk NZ.

 

We hope to see you there!

 





I am the Geekzone Robot and I am here to help. I am from the Internet. I do not interact. Do not expect other replies from me.

 

These links are referral codes: Sharesies | Mighty Ape 




  #2293047 9-Aug-2019 16:04
Send private message

Interesting, I don't seem to have received the given email. Thanks for the notification, @freitasm. I've changed my AirNZ password.


freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #2293049 9-Aug-2019 16:05
Send private message

As mentioned, not everyone was affected but I always change passwords on this kind of notifications - sometimes the actual extent of a breach is not known until later...





Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup




sonyxperiageek
2958 posts

Uber Geek

Trusted

  #2293052 9-Aug-2019 16:11
Send private message

What timing as I had just gone through the (huge) list of services in LastPass (changed this master password too), and changed all my passwords just last night!

 

They still don't mention if passport details are leaked or not.





Sony


  #2293053 9-Aug-2019 16:15
Send private message

freitasm:

 

As mentioned, not everyone was affected but I always change passwords on this kind of notifications - sometimes the actual extent of a breach is not known until later...

 

 

Your point re actual extent not known until later is the reason why I'd have thought Air NZ would have erred on the side of caution by sending out this email to all their members.


RunningMan
8953 posts

Uber Geek


  #2293055 9-Aug-2019 16:16
Send private message

https://www.tvnz.co.nz/one-news/new-zealand/air-new-zealand-data-breach-over-100-000-airpoints-customers-potentially-affected

 

Reportedly affects 3.5% of airpoints members. All those affected have been contacted directly.


freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #2293057 9-Aug-2019 16:18
Send private message

RunningMan:

 

Reportedly affects 3.5% of airpoints members. All those affected have been contacted directly.

 

 

"Reportedly". The reality is that while they explicitly mention no APD or CC data was leaked, there is no mention of address, phone number, passport details, DOB. It's actually a big privacy issue.

 

As I said in my previous reply, usually companies don't know the real extent of a breach until after a lengthy investigation. If I were Air NZ I would have sent this to everyone.





Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup


 
 
 

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.
dauckland
290 posts

Ultimate Geek

Trusted
Lifetime subscriber

  #2293079 9-Aug-2019 16:24
Send private message

freitasm:

RunningMan:


Reportedly affects 3.5% of airpoints members. All those affected have been contacted directly.



"Reportedly". The reality is that while they explicitly mention no APD or CC data was leaked, there is no mention of address, phone number, passport details, DOB. It's actually a big privacy issue.


As I said in my previous reply, usually companies don't know the real extent of a breach until after a lengthy investigation. If I were Air NZ I would have sent this to everyone.



Indeed. It’s what the email doesn’t say that is important.
I tried to get some clarity about this but had no official reply.
The case was aparently forwarded to AirNZ privacy officer.
But my assumtion is that passport details and therefore identify has been stolen.

Dear AirNZ, would you terrible mind paying for my new passport and a couple years of identity fraud protection.

Kind regards

littlehead
214 posts

Master Geek


  #2293088 9-Aug-2019 16:38
Send private message

dauckland:
freitasm:

 

"Reportedly". The reality is that while they explicitly mention no APD or CC data was leaked, there is no mention of address, phone number, passport details, DOB. It's actually a big privacy issue.

 


Indeed. It’s what the email doesn’t say that is important.
I tried to get some clarity about this but had no official reply.
The case was aparently forwarded to AirNZ privacy officer.
But my assumtion is that passport details and therefore identify has been stolen.

Dear AirNZ, would you terrible mind paying for my new passport and a couple years of identity fraud protection.

Kind regards

 

Got the same email, changed my password immediately. The fact that they are not telling us what specific details could have been accessed is pretty bad, does not let me plan accordingly in any way. I've also emailed them for details on what exactly could have been potentially leaked as "information relating to membership profile" can be incredibly broad. As of right now I have to assume everything about me associated with Airpoints and AirNZ, bar credit card info, is now compromised. Someone could easily do full identity fraud with passport validation with that data.


Trumpkin
6 posts

Wannabe Geek


  #2293151 9-Aug-2019 18:55
Send private message

The Privacy Commissioner was notified on the 31st July, but affected Airpoints members were only notified on the 9th August.

 

I've not seen anything to account for the delay between when they knew about the issue and when they decided to inform those affected, 9 days later.

 

For frequent fliers, there is a mass of Personally identifiable information (PII) that Air NZ will have which could not just have personal impact but commercial impacts too like the following example.

 

(I can't post links yet, but Google "private jet data takeover revealed" and you'll get the CNBC report - "A corporate jet suggested Buffett’s energy deal was in works days before it was announced")

 

They also say that people need to be only "on the lookout for phishing emails over the next few months". Depending on what PII was covered by the breach, some of it, e.g. date of birth, addresses, passport info, etc. could remain valid for years.

 

Similarly there might be more than just phishing risks, the breached data could be enough for people to make loan / credit card applications and other use of identity information.

 

I'd keep an eye on your credit report, e.g. using a free account on Credit Simple (easy to find with Google).


Goosey
2829 posts

Uber Geek

Subscriber

  #2293175 9-Aug-2019 19:44
Send private message

@freitasm   GKZ gets a mention...

 

here

 

edit...the mention seems to be quoting your comments above :-)


Trumpkin
6 posts

Wannabe Geek


  #2293185 9-Aug-2019 19:52
Send private message

Goosey:

 

@freitasm   GKZ gets a mention...

 

here

 

edit...the mention seems to be quoting your comments above :-)

 

 

Several of the comments are from people who have contacted Air NZ and were told:

 

  • "name, occupation, employer, more important my email, address and phone number. Plus Airpoints status"
  • "name, job title, employer, address, email, phone number, Airpoints status, points balance and account number"

 


  #2293243 9-Aug-2019 20:36
Send private message

A good reason not to provide any more information than absolutely necessary. I certainly don't give them my passport number.

Trumpkin
6 posts

Wannabe Geek


  #2293245 9-Aug-2019 20:40
Send private message

larknz: A good reason not to provide any more information than absolutely necessary. I certainly don't give them my passport number.

 

Even if you don't add it to the Airpoints website, if you fly internationally then they will need to capture your passport information. If your flight is linked to your Airpoints account then they will have your passport info linked.


merknz
36 posts

Geek


  #2293339 10-Aug-2019 04:33
Send private message

 

 

From the wording, it appears it was a report that was accessed via an Email/Onedrive account. I don't know any more than you do, but I would doubt that the bad actor had any access to Internal systems. The system that holds credit card hashes is heavily protected and audited, the one that holds passport information is also restricted and able to be audited. My guess is that the delay was AirNZ going through every audit log to see if there was any additional breaches. If you were told one thing, and ten days later told another, you'd go through the roof. They're trying to be sure. 

 

the security team is dedicated, staff are trained every year on phishing scams and what to watch for, it was likely a VERY complicated scam or simply inattention which is a very human trait. 

 

 

 

 

 

 

 

 


 1 | 2 | 3
View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00


eero Pro 7 Review
Posted 23-Jul-2025 12:07


BeeStation Plus Review
Posted 21-Jul-2025 14:21


eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01


WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32


RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26


Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24


Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05


Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01


Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01


Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22


Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46


Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42


D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34


Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.