On October 14, Vietnam Airlines issued a notice to customers regarding a data security incident tied to an online customer service platform operated by a global technology corporation.

According to information from the platform provider, Vietnam Airlines is one of many international businesses affected. A portion of customer data processed through this system may have been accessed without authorization.

Upon receiving the alert, Vietnam Airlines immediately coordinated with authorities, cybersecurity experts, and the technology partner to investigate the breach, assess the extent of its impact, and enhance data protection measures.

Preliminary assessments indicate that personal data such as full names, email addresses, phone numbers, dates of birth, and Lotusmiles membership numbers may have been compromised.

However, sensitive information such as credit card numbers, payment details, passwords, travel itineraries, passport numbers, and Lotusmiles account balances remains secure and unaffected. Internal IT systems are reportedly functioning normally.

To safeguard personal information, Vietnam Airlines urges customers to:

Change their Lotusmiles and email account passwords immediately
Stay alert to phishing scams, suspicious emails, or phone calls impersonating Vietnam Airlines
Refrain from sharing personal data or OTPs
Avoid logging into unverified platforms

On certain hacker forums, a group has claimed to possess and is attempting to sell millions of customer records from companies including Qantas, GAP Inc, and Vietnam Airlines. Over 23 million records have reportedly been exposed, with data ranging from November 23, 2020, to June 20, 2025. The leaked information includes names, dates of birth, phone numbers, email addresses, and residential addresses of airline customers.

Vietnam Airlines expressed its sincere apologies for the incident and any concerns it may cause. The airline pledged to continue updating customers and implementing robust data protection measures to maintain public trust.

The hacker group responsible is reportedly Scattered LAPSUS$ Hunters - a rebranded merger involving the notorious ShinyHunters, who previously leaked data from Vietnam’s national credit information center (CIC).

The hackers revealed that they breached Salesforce accounts of 39 companies, including Vietnam Airlines, Google, Cisco, Disney, and FedEx. Vietnam Airlines uses Salesforce as its customer relationship management (CRM) solution. This indicates that the attack did not directly penetrate Vietnam Airlines’ systems, but rather extracted data through a compromised Salesforce account.

After failing to extort Salesforce, the group released data from several affected firms, including Vietnam Airlines, Qantas, and GAP Inc.

A representative from VNCERT, part of A05 under the Ministry of Public Security, confirmed with VietNamNet that customer data allegedly linked to Vietnam Airlines is indeed being sold on hacker forums. Authorities are continuing to investigate.

Thai Khang