Etihad Airways Considers Legal Action Over Three-Year-Old Data Breach

United Arab Airways airline, Etihad Airways, has confirmed it is conducting an investigation into a potential data breach, and is exploring legal options against those responsible.

The suspected data leak was first reported by Gulf News, which claims to have been passed personal information regarding 7,000 Etihad Airways customers by an anonymous source.

Personal information

The information includes names, phone numbers, email addresses and other personal information of customers signed up to Etihad Airways’ loyalty programme, the news service added.

The airline told TechWeekEurope that its investigation relates to “a possible compromise of information belonging to a small number of members of its loyalty program.”

An Etihad Airways spokesperson added: “The data is three years old, does not include sensitive or financial information, and presents no threat to the security of Etihad Guest member’s accounts.”

Etihad Guest takes the security and privacy of its members very seriously and has taken immediate action to address any concerns, the airline said.

Its spokesperson added: “It also appears this information was misappropriated from a marketing vendor involved in a promotional campaign in 2013.

“As a consequence, Etihad Airways is considering all its legal options as a matter of priority.”

The marketing firm behind the data breach has been named as Dubai-based email and content marketing solutions provider, EmailCiti, which had been hired to work on an Etihad Airways promotional campaign.

EmailCiti founder Khaled Jabasini suggested the data could have been taken from a stolen or lost computer used to work on the promotion.

He said “all parties involved in the promotion”, including employees at both EmailCiti and Etihad Airways, had access to the data.

How much do you know about 2015’s biggest data breaches? Try our quiz!