Japan Airlines Breach Exposes 750,000 People’s Personal Data

Japan Airlines (JAL) recently acknowledged that the personal information of as many as 750,000 members of its JAL Mileage Bank (JMB) frequent flyer club may have been stolen when hackers breached the airline’s Customer Information Management System after installing malware on computers that had access to the system.

The data potentially accessed includes names, birthdates, genders, home addresses, work addresses, job titles, phone numbers, fax numbers, email addresses, JMB membership numbers, and JMB enrollment dates. No credit card numbers or passwords appear to have been accessed.

“We conducted a detailed investigation into the slow response of the affected system which occurred on two days (September 19 and 22), and found that personal data of approximately 190,000 customers are suspected to have been stolen on these two days including an approximate maximum 21,000 pieces of data sent to a malicious external server, but the customers could not be identified,” the airline said in a statement.

“Investigations into suspected theft of personal data on days other than the 2 days above as well as the cause will continue, in coordination with the police. … We are taking necessary measures and have blocked the ability for all computers with access to the affected system to connect to external networks,” the airline added. “Based on findings of our investigations, we will take all possible countermeasures.”

The Japan Times reports that the data breach, which is believed to have been initiated via a malicious email that delivered the malware, may have begun on August 18, 2014. That would mean it remained undetected for more than a month.

The newspaper also reports that the malware successfully infected 23 computers, seven of which were sending data to a server located in Hong Kong, and that this is the second such attack on Japan Airlines this year — in February, hackers breached a JAL service that allowed JMB members to exchange miles for gift certificates at Amazon.com. In that attack, the hackers caused millions of yen in losses.

While the volume of the JAL breach is impressive, the breach itself is far from unique. Other recent data breaches affecting tens of thousands of users include the following:

Central Utah Clinic recently began notifying 31,677 patients that their personal information may have been accessed when one of the clinic’s servers was breached. The server held imaging and radiology reports from 2010 and earlier, including patient names, birthdates, Social Security numbers, addresses and phone numbers (h/t Becker’s Health IT & CIO Review).

“Protecting our patients’ information from exposure of any kind beyond what is needed for treatment, and particularly from cybercriminal activity, is a key focus at Central Utah Clinic, and we take full responsibility for this incident,” clinic CEO Scott Barlow said in a statement. “These attacks are an unfortunate aspect of information technology and modern healthcare is not immune from this.”

San Diego’s Bartell Hotels recently acknowledged that hackers may have accessed the names, payment card numbers and expiration dates of between 43,000 and 55,000 customers who made purchases at the following hotels between February 16 and May 13, 2014: Best Western Plus Island Palms Hotel & Marina; The Dana on Mission Bay; Humphreys Half Moon Inn & Suites; Pacific Terrace Hotel; and the Days Hotel — Hotel Circle (h/t SC Magazine).

“Upon discovering a potential compromise, Bartell Hotels immediately began an investigation to confirm the nature of the unauthorized access to its system and to identify what information may have been exposed, and to quickly remediate the compromise,” the company said in a statement. “Independent data forensic experts were engaged to assist with the investigation.”

And WordPress themes provider iThemes recently uncovered a “significant attack” on its membership database, in response to which it reset all iThemes passwords. The data potentially accessed includes customer names, user names, passwords, email addresses, IP addresses, products purchased, access times, and payment receipt information (h/t DataBreaches.net).

“There is no easy way to say this: we were storing your passwords in clear text,” company CEO Cory Miller acknowledged in a blog post. “This directly impacted approximately 60,000 of our users, past and current.”

Jeff Goldman
