PAL Mabuhay Miles to tighten cybersecurity

MANILA, Philippines — Flag carrier Philippine Airlines (PAL) has demanded its third-party service provider to improve its cybersecurity features after personal information of Mabuhay Miles members were exposed in a data leak.

In a statement, PAL senior vice president and data protection officer Alvin Limqueco requested Accelya to strengthen its cybersecurity systems in the wake of a data leak that affected the files of its loyalty program Mabuhay Miles.

Limqueco vowed that PAL is working with Accelya in making sure that the cybersecurity incident no longer poses a risk to the personal information of its frequent flyers.

“PAL is closely coordinating with Accelya, which confirmed to us the incident has been contained. We urged Accelya to fortify its security measures to ensure that there would be no recurrence,” Limqueco said.

PAL, in its analysis, confirmed the the cybersecurity breach that hit Accelya stole the personal information of Mabuhay Miles clients who registered between 2015 and 2017. At most, PAL said that translates to around 12 percent of the membership base.

Moving forward, Limqueco said the airline, owned by taipan Lucio Tan, would enhance the security features of its internal systems to uphold the data privacy of its guests.

“Safeguarding the data of our customers and our frequent flyer members has always been a top priority of Philippine Airlines,” Limqueco said.

“We will do what is necessary to protect this information, in line with our strict safety culture that applies to all our flights and every aspect of our operations,” he said.

Accelya serves as the third-party information technology service provider for Mabuhay Miles. In August the firm suffered a cybersecurity attack that infiltrated its database.

Accelya admitted that personal and sensitive information of travelers who flew with some of the largest carriers in the world were exposed by ransomware group BlackCat. Aside from PAL, the firm provides IT support for American Airlines, British Airways, Delta, among others.

Worse, BlackCat published in its leak site the data taken from Accelya’s files, warning that it also holds information as sensitive as e-mail exchanges and employee contracts.