Vietnam Airlines speaks out about suspected customer data leak

What customer information was exposed?

On October 14, Vietnam Airlines sent a notice to customers about a security incident related to the online customer care platform operated by an international technology corporation.

According to information from the partner, Vietnam Airlines is one of many businesses in the world using this unit's services that may be affected.

The company said some customer data processed on the platform was "likely subject to unauthorized access".

Personal information at risk of being exposed includes full name, email address, phone number, date of birth and Lotusmiles membership number.

However, sensitive data such as credit card information, passwords, flight itineraries, passports and account balances are determined to be safe and untouched.

Vietnam Airlines' internal information technology systems are currently operating normally.

Vietnam Airlines recommends that customers change their passwords.

"To protect personal information, Vietnam Airlines recommends that you change your Lotusmiles account passwords and associated emails, be wary of fake scams, suspicious emails or calls impersonating Vietnam Airlines, and not share personal information or OTP codes, or log in to unauthenticated systems.

Vietnam Airlines sincerely apologizes for this incident and any concerns it may have caused to customers. The airline will continue to update information and take all necessary measures to enhance data security and maintain passenger confidence," Vietnam Airlines informed.

On cybersecurity forums, including underground data markets, files containing information said to be of more than 7.3 million Vietnam Airlines customers are being circulated.

The data, which includes full names, dates of birth, emails, phone numbers and addresses, was allegedly extracted from the Salesforce system, a globally popular customer relationship management (CRM) platform.

Some technology sources said that hackers attacked Salesforce's business accounts, stole data from many customers around the world, then sold it or made it public on forums.

This is the second time Vietnam Airlines has faced a data breach. Nearly a decade ago, on July 29, 2016, the airline’s system was hacked, taking control of the flight display screens (FIDS) at the domestic terminals of Noi Bai and Tan Son Nhat airports, replacing them with distorted content about the East Sea.

The incident paralyzed dozens of servers, delayed nearly 100 flights, and exposed data of more than 410,000 regular customers, causing severe damage to reputation.