Two Vietnamese commercial banks have taken measures to protect customers who have used their cards in transactions with Vietnam Airlines, in the wake of a breach concerning more than 400,000 membership credentials of the national flag carrier.
An alleged group of Chinese hackers compromised the Vietnam Airlines system on Friday, stealing information from some 410,000 VIP member accounts of the carrier’s Lotusmiles program.
The data, including names, birthdays and addresses of the members, were later made available for download by the hackers, raising further security issues for those affected.
With many of the Lotusmiles members having used bank cards to complete transactions with Vietnam Airlines, banks are concerned that hackers will be able to use the membership information to steal money from those accounts.
“Cybercriminals can use the data including the card number and expiry date to conduct transactions on websites without the standardized security system 3D Secure,” Techcombank said in a statement.
3D Secure is an internationally recognized security standard for online credit card payments.
Participating 3D Secure retailers' websites are identified with the logos of MasterCard and Visa, indicating that they can use these credit cards safely there.
The online payment feature of Techcombank credit cards owned by those involved in the data breach at Vietnam Airlines has therefore been disabled for safety’s sake, according to the lender.
Affected card holders can still use the plastic for direct transactions. Techcombank has also suspended a promotional campaign that allows its credit card holders to book airfares at discounted prices.
A Techcombank representative said the lender is reviewing transaction logs to identify cards vulnerable to hackers, and will join hands with Vietnam Airlines to enact more measures to protect customers on both sides.
The lender recommends that customers only use their credit cards on trusted websites.
VietinBank credit card holders who had used their cards in transactions with Vietnam Airlines have also had the online payment feature disabled for the same reason.
Another lender, Sacombank, said it does not lock the feature but is watching closely to deal with any unusual transactions as they occur.
Airports turn to normal operations
A series of hacks were recorded on Friday afternoon, with the flight information display and loudspeaker system at two major Vietnamese airports compromised.
In the wake of the incidents, the operators of Noi Bai International Airport in Hanoi and Tan Son Nhat International Airport in Ho Chi Minh City were forced to switch off their Internet connection and complete check-in procedures manually instead of online.
The flight information screens at both airdromes were also turned off then, after hackers created offensive messages about Vietnam and the Philippines, as well as a distorted account of the East Vietnam Sea issue.
On Sunday afternoon, as observed by Tuoi Tre (Youth) newspaper, all flight information was displayed at Tan Son Nhat as normal, and ticket purchases and check-in were also proceeding smoothly.
However, the self-service check-in machines of Vietnam Airlines were all out of order. A carrier employee said the machines were faulty and advised passengers to check-in at the counters.
In Hanoi, passengers were also able to check-in and board their flights as usual, with the flight information boards resuming normal service as of Sunday afternoon.
Tran Thi Minh Nguyet, chief of secretariat of the Airports Corporation of Vietnam, said both Noi Bai and Tan Son Nhat airports have returned to stable operations.
“However, some procedures still have to be done manually,” she added.
Nguyet said the hacks had made a considerable impact on the airports’ operations, with the Hanoi terminal more severely affected.