Japan Airlines says up to 28,000 customers affected by unauthorized access to baggage service system

Japan Airlines announced that unauthorized access to the reservation system for its Same-Day Luggage Delivery Service may have exposed the personal information of up to 28,000 customers, prompting the carrier to suspend the service while it investigates the breach.

The incident occurred at approximately 12:40 a.m. local time Monday, when a third party accessed the system used to manage reservations for the airline’s baggage delivery service. The service transports passengers’ luggage from airports to designated hotels on the same day of arrival.

Airport staff first identified irregularities at 9 a.m. on Feb. 9 after reporting that the service could not be used normally. By 10:20 a.m., the airline had suspended the reservation function. A subsequent review of access logs by the system operations department found that a reservation error occurred at 6:18 p.m. on Feb. 8, followed by unauthorized access several hours later.

The potentially compromised data involves customers who have used the Same-Day Luggage Delivery Service on or after July 10, 2024. The information may include names, email addresses, phone numbers, Japan Airlines Mileage Bank frequent flyer numbers, flight reservation details and delivery information. Additional travel-related details such as flight numbers, departure and arrival airports, and hotel names may also have been exposed.

Japan Airlines, the country’s flagship carrier and one of the largest airlines in Asia, confirmed that credit card numbers and passwords were not affected in the breach. The airline has suspended the luggage delivery service until its safety can be confirmed. No other airline systems or services have been impacted, the company said.