SIA said that the incident occurred between 2am and 12:00pm last Friday.
“We have been made aware of a number of cases in which a customer logged in to his or her KrisFlyer account, and under certain specific conditions, may have been able to see selective details of another customer,” a spokesperson told ZDNet.
Singapore Airlines software bug
According to the spokesperson, a total of 284 customers were affected by the software bug. Of these, 278 members may have viewed other customers private information.
These details may have included, account numbers, e-mail addresses, names, membership tier statuses, recent miles transactions, upcoming flights, and KrisFlyer rewards.
In seven of the remaining cases, the Singapore carrier said that customers’ passport numbers may have also been revealed.
The spokesman said that a customer’s details may have been revealed if any two members had signed into their KrisFlyer accounts and viewed their transactions showing their account information at the same time, while also being connected to the same server on the system.
The spokesperson added that the issue had been resolved.
The issue arose when Trishia Leo, a KrisFlyer member, logged into her KrisFlyer account and noticed another person’s email address on her account. As soon as she noticed the error, she almost immediately took to Facebook to express her concerns.
“I tried a new login and I could see his entire history, upcoming trips, miles,” she wrote. “If organisations that demand our personal data don’t guard our information properly, then they need to be called out on it.”
“One-off software bug”
According to the report, SIA refused to comment on individual cases, but said the incident was due to a “one-off software bug” and It was not the result of “an external party’s breach of our systems or members’ accounts”.
SIA said that no changes were made to members’ accounts and no customers credit card details were revealed during the breach.
SIA said that they are currently in the process of informing affected customers. “We have also voluntarily informed the Personal Data Protection Commission of Singapore,” it said.
“The protection of our customers’ personal data is of utmost importance to SIA, and we sincerely regret the incident. Immediate action is being taken to ensure this does not happen again.”