Philippine Airlines (PAL) recently suffered a cybersecurity breach that saw thousands of its frequent flyers' personal details stolen. The attack was targeted at an IT provider for the carrier and impacted members who joined between 2015 to 2017. Details taken include names, date of birth, nationality, gender, and more.

Problematic trend

According to CNN Philippines, PAL confirmed on Sunday that one of its IT providers, Accelya, suffered a data breach recently. The provider stored data relating to PAL's Mabuhay Miles frequent flyer program, which has now fallen into the hands of unwanted parties.

The carrier has said it lost "limited information" on members who signed from 2015-17. However, this includes details such as name, date of birth, gender, nationality, joining date, points balance, and status level. While these may not seem significant individually, put together, they could significantly compromise online security.

Philippines Airlines aircraft
Philippine Airlines is the flag carrier and biggest airline in the country, likely having hundreds of thousands of members on its FF program. Photo: Getty Images

The incident was first reported to the authorities on September 8th, meaning the breach may have been fairly recent. In a statement, PAL Senior VP and Data Protection Officer Alvin Limqueco said,

"PAL is closely coordinating with Accelya who confirmed to us that the incident has been contained. We urged Accelya to fortify security measures to ensure that there can be no recurrence. Safeguarding the data of our customers and frequent flyer members has always been a top priority of Philippine Airlines. We will do what is necessary to protect this information, in line with our strict safety culture that applies to all our flights and every aspect of our operations."

No impact on operations

Philippine Airlines has stressed that the latest data breach has nothing to do with its own systems, pointing to its third-party contractors. With PAL's internal systems unaffected, neither passengers nor operations will not face any trouble soon. However, PAL has urged all travelers to change their Mabuhay Miles passwords as a precautionary measure.

Notably, this is not the first time in recent memory that third-party firms have faced cyberattacks on passenger data. In early 2021, a data breach at service provider SITA saw millions of frequent flyers on carriers ranging from British Airways to Cathay Pacific to Air India have their personal details stolen. This has brought data security back into focus and raised alarms over how information might be handled externally.

BMI British Midland International Boeing 737-500 climbing enroute at dusk
Airlines have been fortifying their systems to protect from widescale disruptions. Photo: Getty Images

Governments have been taking action over breaches as well, fining airlines when they fail to protect passengers. In 2020, British Airways handed a massive £20 million ($23.4mn) fine for a breach that saw nearly 250,000 passengers affected by leaked personal data like addresses and card details.

Huge reliance on IT

Whether we like it or not, airlines have become as strong as their IT capabilities today. From bookings to route planning to operations, modern aviation is driven by advanced algorithms and software. While this has made travel affordable and efficient, it can also leave carriers in a lurch when something fails. Aer Lingus is finding this out the hard way this weekend, with nearly all flights axed for a day due to an outage. For now, incidents such as these remind airlines how important investment in new and secure IT systems remains.

Source: CNN Philippines