Scootから謎のメールが届き、情報漏洩かと思ったら人為的なミスとの事でした。

旅行・グルメ




突然のScootからのメール

突然、Scootから「Urgent: Negative COVID-19 certificate required for your flight to Guangzhou」という件名でメールが来てびっくりしました。

日程は上記の通りとなっており、メールの送信元は「notiFly@notify.flyscoot.com」となっており、以前送られてきたメールと同じです。
内容としてはシンガポールから中国へ渡航する際に搭乗前の5日以内の新型コロナの検査を行い陰性の証明書を義務付ける事になるという旨のメールでした。

シンガポールから広州へのエアーを予約した覚えはなく、名前予約番号が以前スクートを使った際の予約番号と同じだったので情報漏洩??システムエラー??と気になって問い合わせましたがコールセンターには繫がらないのでしばらく放置していると2通目のメールが来ていました。

人為的なミスとの事

2件目のメールは「Update on erroneous email sent by Scoot」という件名でした。

内容としては、今回ご送信されたメールは情報漏洩やハッキングの被害ではなく、人為的ミスです。本来であれば2020年8月30日に出発するシンガポールから広州へのTR100を予約した乗客のみに送られるはずのメールが過去にスクートで旅行したことがある顧客を含むリストに対して送信された。という内容でした。

そんなミスありえる?

メールの配信はミスが起きないようにそこまで複雑な物にはなっていないと思いますが、今回はそんなミスが起こってしまったという事が少し信じられないですね。

特にwebサイトには何も記載はされていませんでしたが、過去にスクートで旅行したことがある顧客を含むリストと言う事で相当な人数にメールが送られたのだと思います。

こういったトラブルは企業の信用を失うので気をつけて欲しいですね。

気になる人のために以下にメールの文章を貼っておきます。

1通目

Kindly note that there are new requirements for all travellers entering Mainland China. With effect from 28 Aug 2020, 0000hrs, the People’s Republic of China requires all passengers departing from Singapore for China to take a nucleic acid test (NAT) for COVID-19 within 5 days before boarding. More information can be found here.

For passengers booked on TR100 from Singapore to Guangzhou, departing on 30 Aug 2020, 0515hrs, the following testing arrangements have been made by the relevant authorities and must be strictly adhered to.
The NAT for passengers on this flight must be done tomorrow, 26 Aug 2020, 0900hrs – 1030hrs at the Regional Screening Centre (RSC) located at the former Shuqun Secondary School (450 Jurong East Street 21, Singapore 609604). Kindly adhere to the timing to prevent overcrowding at the RSC.

Passengers must bring their passport and a copy of their flight itinerary or confirmed booking for TR100 on 30 Aug 2020 for the NAT to be done. Passengers without the necessary documents will not be able to take the NAT. Passengers must also have a valid email address before arriving at the RSC and will have to provide the email address at registration. The test result will be sent to the email address provided.

Passengers who already have scheduled NATs or are being scheduled for NATs before the flight should proceed with their scheduled NAT. Only passengers without an existing NAT appointment should proceed to the RSC.

Passengers who are unwell or show symptoms such as fever, running nose, sore throat should not go for the NAT. Instead, they should seek care from a doctor.

The NAT will cost SGD 186 for each passenger. After taking the NAT, passengers will receive an email on payment instructions. Passengers must make payment before the NAT results will be released to them.

Take note that as the NAT results will require a turnaround time of 48 hours, passengers must adhere to the time slot of 26 Aug 2020, 0900 to 1030hrs for the NAT to be able to receive the results in time for the flight on 30 Aug 2020.

Please note that there could be circumstances whereby passengers might require a re-test which might affect their ability to board the flight.

Please ensure that you have the necessary documentation and are eligible to travel to and enter Guangzhou, as you will not be able to board the flight if you do not meet the eligibility and documentation requirements. Please accept our sincere apologies for the inconvenience caused.

Yours sincerely,
The Scoot Team

2通目

Scoot is aware that you have received an erroneous email from us regarding new travel requirements for customers booked on one of our flights, TR100 to Guangzhou departing on 30 August 2020. Scoot sincerely apologises for this mistake and would like to provide an explanation on what happened.

The erroneous email was not a data security or hacking incident. Due to human error, an email meant only for passengers booked on TR100 from Singapore to Guangzhou departing on 30 Aug 2020, was mistakenly sent to a distribution list containing customers who have travelled with Scoot in the past, or who have a future booking to any destination.

Scoot understands the worry and concerns that you may have over the use of your personal information. To repeat, we have established that this was not a data security or hacking incident. No new booking has been created. There was also no leak of sensitive personal information; the personal information that was included in the erroneous email was limited to first name and booking confirmation ID, and the erroneous email was sent to the email address associated with the original booking. No third party has been sent an email with your personal information although, if you have previously made a booking on someone else’s behalf, you may see their first name in the email instead of yours. No current bookings can be accessed with this information.

We assure you that Scoot takes this incident very seriously and will conduct an internal review looking into how to further strengthen our internal processes. We have also informed Singapore’s Personal Data Protection Commission of the incident. Should you have questions or concerns, we welcome your feedback at https://help.flyscoot.com/s/email-us; simply select “Concerns” under Case Category and “Email Notification” under Sub-Category 1.

Once again, Scoot sincerely apologises for this oversight.

Yours Sincerely,
Campbell Wilson
Scoot Chief Executive Officer

コメント