Philippine Airlines suffers cyberattack with frequent flyer program

Philippine Airlines (PAL) recently suffered a cybersecurity breach that saw thousands of personal data of its frequent flyers stolen. The attack targeted an IT vendor for the carrier and affected members who joined between 2015 and 2017. Details taken include names, date of birth, nationality, gender, and more.

Problematic trend

According to CNN Philippines, PAL confirmed on Sunday that one of its IT vendors, Accelya, had recently suffered a data breach. The provider stored data relating to PAL’s Mabuhay Miles loyalty program, which has now fallen into the hands of unwanted parties.


The carrier said it lost “limited information” about members who signed up from 2015 to 2017. However, this includes details such as name, date of birth, gender, nationality, date of joining, point balance and status level. Although these may not seem significant individually, taken together they can seriously compromise online security.

Philippine Airlines is the flag carrier and the largest airline in the country, probably counting hundreds of thousands of members on its FF program. Photo: Getty Images

The incident was first reported to authorities on September 8, meaning the breach may be quite recent. In a statement, PAL Senior Vice President and Chief Data Protection Officer Alvin Limqueco said:

“PAL is working in close coordination with Accelya who confirmed to us that the incident has been brought under control. We have urged Accelya to strengthen security measures to ensure that it cannot happen again. The protection of our customers’ data and our frequent flyer members has always been a top priority of Philippine Airlines.We will do what is necessary to protect this information, in accordance with our strict security culture which applies to all our flights and all aspects of our operations.

No impact on operations

Philippine Airlines stressed that the latest data breach had nothing to do with its own systems, naming its third-party contractors. With PAL’s internal systems unaffected, passengers and operations will soon experience no issues. However, PAL has urged all travelers to change their Mabuhay Miles passwords as a precaution.

Notably, this isn’t the first time in recent memory that third-party companies have faced cyberattacks on passenger data. In early 2021, a data breach at service provider SITA saw millions of frequent flyers on carriers ranging from British Airways to Cathay Pacific to Air India having their personal data stolen. This has re-emphasized data security and raised alarms about how information might be handled externally.

Airlines have beefed up their systems to protect against large-scale disruptions. Photo: Getty Images

Governments have also taken action on breaches, fining airlines when they fail to protect passengers. In 2020, British Airways imposed a massive £20 million ($23.4 million) fine for a breach that saw nearly 250,000 passengers affected by leaks of personal data such as addresses and contact details. map.

High reliance on computers

Whether we like it or not, airlines have become as strong as their IT capabilities today. From reservations to route planning to operations, modern aviation is driven by advanced algorithms and software. While this has made travel affordable and efficient, it can also leave carriers stranded when things go wrong. Aer Lingus is finding this out the hard way this weekend, with almost all flights halted for a day due to a breakdown. For now, such incidents are a reminder to airlines how important investments in new, secure IT systems remain.

Source: CNN Philippines

Ryan H. Bowman