Air New Zealand

Air New Zealand, operating as ANZ, is the national airline of New Zealand, headquartered in the country. It provides scheduled passenger air services on domestic routes within New Zealand and international flights connecting New Zealand to destinations across the Asia-Pacific, Americas, and other regions. A core component of its customer engagement is the Airpoints loyalty program, which manages member profiles, points accrual, and redemption benefits for frequent travelers. This program centralizes personal and transactional data for its members, making it a significant aspect of the airline's customer relationship management. The airline's operations are intrinsically linked to New Zealand's transportation infrastructure and tourism sector, serving as the country's flag carrier. Its market scope encompasses both leisure and business travelers, with the Airpoints program designed to foster long-term customer loyalty through tiered membership benefits. The airline's branding and service delivery are positioned around New Zealand's national identity and hospitality.

The airline's management of sensitive customer information has been highlighted by two notable cybersecurity incidents. In August 2019, a phishing attack compromised two staff email accounts, potentially exposing internal documents containing personal details of Airpoints loyalty program members, though customer account passwords and financial data remained secure. In October 2022, a separate credential stuffing attack targeted customer accounts, using credentials from other breaches; the airline confirmed its internal systems were not breached and only a limited number of individual accounts were affected, with no sensitive data exposure or fraudulent transactions. Following each incident, the airline secured compromised accounts, initiated investigations, and communicated with affected customers. These events prompted the company to reinforce security protocols, including mandatory password resets for impacted users and public advisories on adopting unique passwords and multi-factor authentication. The incidents underscore the airline's operational reliance on digital customer platforms and its ongoing efforts to mitigate risks associated with credential reuse and phishing threats against its staff and customer base.