HCMC – Vietnam Airlines said today, October 14, that some customer information, including names, email addresses, and phone numbers, was exposed due to a data security incident involving an online customer service platform operated by one of its global technology partners.
The national flag carrier has sent email notifications to affected customers following reports that around 23 million customer records from several companies, including Vietnam Airlines, were posted for sale on online forums on October 10. The leaked data reportedly includes records dating from November 2020 to June 2025.
According to Vietnam Airlines, the breach occurred through the partner’s customer engagement platform, which serves multiple businesses worldwide. A portion of customer data processed on this platform may have been accessed without authorization, the airline said.
The compromised information may include names, email addresses, phone numbers, dates of birth, and Lotusmiles membership numbers. However, the airline confirmed that sensitive data — such as credit card details, payment information, passwords, travel itineraries, passport numbers, and Lotusmiles account balances — remains secure.
Vietnam Airlines apologized to customers and said it is taking all necessary steps to strengthen data security. The company is working with authorities, cybersecurity experts, and its technology partner to investigate the incident, assess its impact, and enhance protection measures.
To safeguard personal data, the airline urged customers to change their Lotusmiles and linked email passwords, remain vigilant against phishing attempts, and avoid sharing sensitive personal information or one-time passwords (OTPs) with unverified sources.
Vietnam Airlines previously experienced a data breach in 2016 when hackers compromised the personal details of around 400,000 Lotusmiles members, disrupting systems at Noi Bai and Tan Son Nhat airports and delaying more than 100 flights.
