PPRuNe Forums - Scoot major data leak….again

Anyone remember this airline giving out bogus free tickets to ALL the customers who were on their database a few months ago?
Well, this is slightly less comical.

All ex-staff of his mob had better read this…even staff from a few years ago!

Apparently all data was transferred to a third party provider recently even ex-staffers. And true to form, the finger pointing is most likely taking place now.

The link to file complaints:
https://www.pdpc.gov.sg/

Scoot would like to inform you of the recent outage of AIMS, the software used for flight crew scheduling and optimisation as well as flight operations management.

The outage was initially believed to be a hardware fault at AIMS Miami datacentre. In response, Scoot’s business continuity plans were implemented so that operations could continue, and AIMS has since migrated their services to a back-up datacentre and progressively restored functionality.

AIMS subsequently determined that the outage was in fact caused by a ransomware attack on the servers housed in its Miami datacenter, which rendered AIMS software and the databases inaccessible and non-functional. The affected servers were encrypted by the hackers as leverage for the ransom demand made to AIMS.

The affected servers house personal data of individuals employed by Scoot in an encoded form. These comprise name, email address, gender, date of birth, place of birth, marital status, next of kin information, employment/termination dates, nationality, address, travel document details (comprising name, document type e.g. passport, date of issuance/expiry, place of issue, issuing authority and issuing country), operating license number and expiration date, and medical clearance number and expiration date. The affected data also includes non-personal data to facilitate flight operations such as flight management data (i.e., aircraft, schedules and movement times) as well as applicable rates and subsidies with reference to flight and layover/turnaround times. They do not include any customer information.

You are among the individuals whose personal data was housed in the affected servers in an encoded form. Such data is retained for a finite period after employment ceases, in accordance with regulatory requirements and Scoot’s data retention policy.

Based on AIMS’ preliminary investigations, it is not possible to ascertain at this juncture whether your personal data has been read or extracted. Affected individuals may be exposed to a potential risk of identity theft. However, AIMS has advised that there is an additional layer of protection for your personal data by way of AIMS’ proprietary security mechanism. Scoot has and will continue to work with AIMS on the investigations, which are ongoing. Scoot has also undertaken an extensive scan and determined that Scoot’s internal systems have not been exposed or compromised. Scoot’s cyber protection and detection controls continue to be regularly updated with new IOCs (Indicators of Compromise) to detect and block any new cyber security threats.

Scoot highly recommends you change all passwords you use that might have included information relating to your personal data (for example, e-banking passwords comprising birthdates, email passwords comprising your name, etc.) and use strong passwords comprising a combination of uppercase and lowercase letters, numbers, and symbols. Do also monitor your bank statements regularly, clear your internet cache, do not click on suspicious links, be wary of calls from unknown numbers and never give out your personal information over the phone, etc.

We take the protection of your personal data very seriously and very much regret this incident. We are reviewing the practices of all vendors to minimise the likelihood of any repeat. Should you have any questions, please reach out to [email protected].

Thank you for your understanding and patience.

Regards,

Campbell Wilson

CEO

SCOOT
65 Airport Boulevard
Changi Airport Terminal 3, #B1-17
Singapore 819663

www.flyscoot.com