284 KrisFlyer members’ details exposed due to software bug, Latest Singapore News - The New Paper
Singapore

284 KrisFlyer members’ details exposed due to software bug

This article is more than 12 months old
SQ mid-air bomb hoax: Mumbai-Singapore flight escorted safely to Changi, woman and child questioned
ST FILE PHOTO
TEE ZHUO
Jan 07, 2019 06:00 am

The personal details of over 280 KrisFlyer members may have been seen by other customers due to a software bug affecting Singapore Airlines' (SIA) website last Friday.

"We have been made aware of a number of cases in which a customer (who) logged in to his or her KrisFlyer account, under certain specific conditions, may have been able to see selective details of another customer," an SIA spokesman said in response to queries.

These details may have included names, e-mail addresses, account numbers, membership tier statuses, KrisFlyer miles and rewards, and travel history. In seven cases, passport details were seen.

The spokesman added that the breach occurred when any two members logged in to their KrisFlyer accounts and accessed transactions displaying their membership information at the same time, while also being assigned the same server by the system.

The software bug arose from a change to SIA's homepage on Friday, and the incident occurred between 2am and 12.15pm.

Investigations based on system logs determined 284 cases in total.

Use taxi apps, not platform like Gojek, says passenger who was charged $10 booking fee
Singapore

Passenger says $10 taxi booking fee is unfair

Related Stories

TNP goes fully digital

DBS restores digital banking services, rules out cyber attack

Vegetable prices here rise due to wet weather in M'sia

On Saturday, Facebook user Tricia Leo said in a post that when she logged in to her KrisFlyer account, she could see another person's e-mail address on her profile page.

"I tried a new login and I could see his entire history, upcoming trips, miles," she wrote.

"If organisations that demand our personal data don't guard our information properly, then they need to be called out on it."

In a statement, SIA said that no changes were made to members' accounts and no credit card details were disclosed.

"We have established that this was a one-off software bug and was not the result of an external party's breach of our systems or members' accounts," the airline said. "The issue has been resolved and we will carry out a detailed review to ensure this will not happen again."

"The protection of our customers' personal data is of utmost importance to SIA, and we sincerely regret the incident," it added.

A Personal Data Protection Commission spokesman confirmed that it had been notified of the incident, and said that the commission was looking into it.

Get The New Paper on your phone with the free TNP app. Download from the Apple App Store or Google Play Store now

CONSUMER ISSUES