Singapore Airlines (SIA) experiencedÂ a software bug on its website last Friday that disclosed approximately 280 KrisFlyer members’ details.
In a statement to Marketing, a SIA spokesperson said the bug was following aÂ change to its website homepage on 4 January 2019. The airline said that investigations based on system logs have determined that there were 285 such cases in total.
In 278 of these cases, personal details such as name, email address, account number, membership tier status, total KrisFlyer miles, recent miles transactions, upcoming flights and KrisFlyer rewards may have been exposed to other customers. In the remaining seven cases, passport details may also have been able to be seen. However, the airline confirmed that there were no changes made to any membersâ€™ accounts, and no credit card details were disclosed.
In addition, the airline made clear that this was a one-off software bug and was not the result of an external partyâ€™s breach of its systems or membersâ€™ accounts. The incident occurred between about 2am and 12.15pm (Singapore time) on 4 January 2019, at which point the issue was resolved. The spokesperson added that the airline is following up directly with the affected customers and have alsoÂ voluntarily informed the Personal Data Protection Commission of Singapore.
“The protection of our customersâ€™ personal data is of utmost importance to SIA, and we sincerely regret the incident. Immediate action is being taken to ensure this does not happen again,” the spokesperson said.
The airline also launched the KrisConnect Programme back in October last year, in a bid to enhance the overall customer experience. This initiative looks to make information and functionalities on SIAâ€™s digital platforms more readily available to partners.Â The programme is currently in its execution phase with partners across the travel ecosystem â€ścommittingâ€ť to tap on SIAâ€™s API content.