Japan Airlines Data Breach Exposes Personal Information of 28,000 Customers
Japan Airlines (JAL) has disclosed a data breach affecting up to 28,000 customers who used its Same-Day Luggage Delivery Service since July 10, 2024. The unauthorized access occurred at approximately 12:40 a.m. local time on Monday, targeting the reservation system for the baggage delivery service, which transports passengers’ luggage from airports to hotels.
Exposed data includes names, email addresses, phone numbers, flight numbers, departure and arrival airports, and hotel names. JAL confirmed that credit card numbers and passwords were not compromised, and no other airline services were impacted. In response, the airline has temporarily suspended the luggage delivery service while investigating the incident.
The breach was first reported by News.Az, an Azerbaijani news portal, which noted that the compromised system was accessed by a third party. JAL has not yet identified the attacker or the method of intrusion. The incident highlights growing cybersecurity risks in the travel and logistics sectors, where sensitive customer data is frequently handled.
Source: https://news.az/news/japan-airlines-says-up-to-28-000-users-affected-by-data-breach
Japan Airlines cybersecurity rating report: https://www.rankiteo.com/company/japan-airlines
"id": "JAP1770796780",
"linkid": "japan-airlines",
"type": "Breach",
"date": "2/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '28,000',
'industry': 'Aviation/Travel',
'location': 'Japan',
'name': 'Japan Airlines (JAL)',
'type': 'Airline'}],
'data_breach': {'number_of_records_exposed': '28,000',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'Personally Identifiable Information '
'(PII)',
'type_of_data_compromised': ['Names',
'Email addresses',
'Phone numbers',
'Flight numbers',
'Departure and arrival airports',
'Hotel names']},
'date_detected': '2024-07-15T00:40:00+09:00',
'description': 'Japan Airlines (JAL) has disclosed a data breach affecting up '
'to 28,000 customers who used its Same-Day Luggage Delivery '
'Service since July 10, 2024. The unauthorized access occurred '
'at approximately 12:40 a.m. local time on Monday, targeting '
'the reservation system for the baggage delivery service. '
'Exposed data includes names, email addresses, phone numbers, '
'flight numbers, departure and arrival airports, and hotel '
'names. JAL confirmed that credit card numbers and passwords '
'were not compromised, and no other airline services were '
'impacted.',
'impact': {'data_compromised': 'Personal information of 28,000 customers',
'identity_theft_risk': 'Potential risk due to exposed personal '
'information',
'operational_impact': 'Temporary suspension of luggage delivery '
'service',
'payment_information_risk': 'None (credit card numbers not '
'compromised)',
'systems_affected': 'Reservation system for Same-Day Luggage '
'Delivery Service'},
'investigation_status': 'Ongoing',
'references': [{'source': 'News.Az'}],
'response': {'containment_measures': 'Temporary suspension of luggage '
'delivery service'},
'title': 'Japan Airlines Data Breach Exposes Personal Information of 28,000 '
'Customers',
'type': 'Data Breach'}