Hackers breach Finnair frequent flyer database

Hackers got access to information on Finnair’s Frequent Flyer programme’s database, said Finnair.

The breached data include member names, personal titles, frequent flyer numbers, tier information, and for some members, meal and seating preferences.

Any other information, such as contact details, payment card details or passwords, are not included.

“We have been informed on 27 February that some of Finnair Frequent Flyer data are included in a recent data breach of a third-party information system of SITA used by our airline partners,” said Heidi Lemmetyinen from Finnair Media Desk to the Daily Finland, adding that SITA produces IT services for a large number of airlines and airports.

The breached data, however, could not be used to access Finnair Plus services.

“Accessing Finnair Plus service always requires a password, and we do not share password data among airlines,” said Lemmetyinen.

The airline does not use the service provider in question, but it shares frequent flyer information with its partner airlines that use this third-party service.

Frequent Flyer information is shared among airlines to ensure that Finnair can serve its members, and to allow customers to accrue and use their Frequent Flyer points.

In order to avoidany doubt, this data incident is not the result of any breach in Finnair IT systems, said Lemmetyinen.

“Based on our analysis, the nature of the breached data, and the information we have received from the third-party service provider SITA, we believe that the risk of this data being misused in other contexts is relatively low, and we have not detected any unusual activity on Finnair Plus accounts,” she added.

The airline authorities have already informed the country’s data protection authority and have communicated with the affected customers as well.

The Finnair also recommended customers to reset their Finnair Plus password.

Customers can also contribute to their privacy by switching on two-factor authentication in the ‘Advanced security’ section of their Finnair Plus profile.

The system breach affects about 200,000 members of the Finnair Plus programme.