Japan Airlines Reports Breach
Up to 190,000 Frequent Flyers Affected by Malware AttackJapan Airlines says malware installed on some of its computers was used to access personal information about members of its frequent flyer program, known as JAL Mileage Bank.
See Also: Are You APT-Ready? The Role of Breach and Attack Simulation
As a result of the malware infection, personal information on up to 190,000 members may have been exposed, Japan Airlines says. "It is suspected that up to 750,000 pieces of personal data may have been stolen," the airline says.
Information that was compromised includes membership numbers; enrollment dates; member names, birthdates and gender; home contact information, including postal code, address, phone number and fax number; work contact information, including company name, postal code, address, phone number, job title and department; and e-mail addresses.
There is no indication that passwords and credit card numbers have been stolen in the breach, the airline says.
The incident occurred Sept. 19-22. So far, Japan Airlines has confirmed that approximately 21,000 pieces of personal data were sent to a remote server, although the airline is unable to identify which specific customers' information was stolen.
"We will be promptly notifying the 190,000 potentially affected customers by e-mail, postal mail and a website notification message," the airlines says.
Japan Airlines is continuing to investigate the possibility that data may have been exposed on days other than the confirmed periods of compromise.