Japan Airlines (JAL) has confirmed that the personal information of up to 750,000 JAL miles club members were leaked following unauthorised access of the airline's database by an external server this week.
The attack affected the data of between 110,000 and 750,000 members of JAL's miles club, which grants passengers points for flying with the airlines and gives them discounts on future flights.
However, the airline has not yet confirmed if the customers' passwords or credit card details were also leaked, reported AAP.
"The impact for JAL's customers is that their personal data may have been revealed to other organisations which may make these people a target for identity theft and fraud," said the Australia and New Zealand regional director of information security company Clearswift, David De Laine.
Read more AFP apologises for privacy breach
"The data breach could also tarnish corporate reputation, break the trust of loyal customers and in turn jeopardise future company revenue."
The lesson for organisations such as JAL is to invest in data security, he said. "It's really important for organisations to have a data loss prevention system in place and a breach response plan."
Follow Hamish Barwick on Twitter: @HamishBarwick
Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia