PAL's Mabuhay Miles suffers data breach

Metro Manila (CNN Philippines, September 11) — Flag carrier Philippine Airlines (PAL) has become a victim of a cyberattack after criminals targeted its information technology (IT) service provider and exposed the personal data of Mabuhay Miles members.

In a statement, the airline confirmed that Accelya, the third-party IT provider for PAL's frequent flyer program, was affected by "a cybersecurity incident."

PAL assured the public that the data breach only involved "limited information" of customers who became Mabuhay Miles members from 2015-2017.

Compromised information included members' names, birth dates, nationality, gender, join date, tier level, and points balance.

The Lucio Tan-led company already informed local authorities about the incident and has started notifying affected customers. PAL urged the members to immediately change their passwords.

The country's data privacy authority said Saturday it received a breach notification from PAL on Sept. 8.

"PAL is closely coordinating with Accelya who confirmed to us that the incident has been contained. We urged Accelya to fortify security measures to ensure that there can be no recurrence," PAL senior vice president and data protection officer Alvin Limqueco said in the statement.

The cybersecurity incident "had no effect on PAL's internal IT systems," it added.

"Safeguarding the data of our customers and frequent flyer members has always been a top priority of Philippine Airlines. We will do what is necessary to protect this information, in line with our strict safety culture that applies to all our flights and every aspect of our operations," Limqueco said.