UPDATE: Scoot released a second statement on 25 August after an investigation, saying that the erroneous emails were sent due to human error, and customers’ personal information was not leaked to a third party. See the full statement below.
SINGAPORE — Booked on a flight to Guangzhou? Given the flight restrictions in place around the world amid the COVID-19 pandemic, many would jump at a chance to fly to the Chinese city or anywhere else.
However, an email from Scoot airline to customers on Tuesday (25 August), notifying them about a flight from Singapore to Guangzhou had puzzled them as they had not made any such bookings. The gaffe prompted Scoot to apologise to customers with the low-cost airline clarifying that the emails were mistakenly sent to non-passengers.
Many people had received an email from Scoot informing them that they had to be tested for the COVID-19 coronavirus before embarking on flight TR100 on 30 August. The email told “customers” that they had to take a nuclei acid test for COVID-19, or what is also known as a swab test.
Netizens took to social media to express their confusion, and some were concerned that a breach of personal data may have occurred.
Scoot said, however, that there was no data breach or leak of personal information of customers.
An airline spokesperson said in a statement provided to Yahoo Lifestyle SEA, “Scoot would like to clarify that an email that was meant for passengers booked on TR100 from Singapore to Guangzhou, departing on 30 Aug 2020, 0515hrs, to inform them of new travel requirements for their flight, was mistakenly sent to other customers who were not on the flight.
“Scoot is currently investigating the matter and will provide an update on the findings when possible. For now, it has been established that there was no data breach or leak of personal information. Scoot sincerely apologises for this oversight and our highest priority is establishing what transpired and rectifying the errors.”
Updated statement from Scoot after investigation:
In the afternoon of 25 August 2020, around 2.00pm, an email meant only for customers booked on Scoot flight TR100 from Singapore to Guangzhou departing on 30 Aug 2020, was erroneously sent to a distribution list containing customers who have travelled with Scoot in the past, or who have future bookings with Scoot. This erroneous email arose due to human error, and was not a data security or hacking incident.
Scoot understands the worry and concerns customers would have over the use of their personal information. We have established that no new booking was created. There was also no leak of sensitive personal information; the personal information that was included in the erroneous email was limited to first name and booking confirmation ID, and the erroneous email was sent to the email address associated with the original booking.
We would also like to assure customers that no third party was sent an email with their personal information. However, if they previously made a booking on another party’s behalf, they may see the other party’s first name in the email instead. No current bookings can be accessed with these information.
Scoot takes this incident very seriously and will conduct an internal review looking into how to further strengthen our internal processes. We have also informed Singapore’s Personal Data Protection Commission of the incident and contacted all affected customers with an explanation of what happened. Scoot sincerely apologises to all affected customers.