23 million records leaked in Vietnam Airlines–linked data breach

In an email sent to customers on Oct. 14, the national carrier said it was alerted after hackers uploaded 23 million customer records belonging to several companies, including Vietnam Airlines, on data-trading forums on Oct. 10. The leaked dataset contained information ranging from November 2020 to June 2025.

According to the airline, the breach stemmed from a global technology firm that operates its customer care platform. Vietnam Airlines was among multiple companies using the system that were affected. Some of the airline’s customer data processed through the platform "may have been accessed without authorization," it said.

The leaked data may include customers' names, email addresses, phone numbers, dates of birth and Lotusmiles membership numbers. However, the airline stressed that sensitive details, such as credit card and payment information, passwords, travel itineraries, passports and Lotusmiles account balances, remain secure.

Vietnam Airlines apologized to customers and said it is working with cybersecurity experts, authorities and its technology partner to investigate the breach, determine its scope and enhance protective measures.

It advised customers to change their Lotusmiles and linked email passwords, be cautious of phishing emails, fake calls or scams impersonating Vietnam Airlines, and avoid sharing personal details or OTP codes on unverified websites.

This is the airline’s second major data security incident in less than a decade. In 2016, hackers attacked its website and leaked the personal data of 400,000 Lotusmiles members, disrupting check-in systems at Hanoi’s Noi Bai and Ho Chi Minh City’s Tan Son Nhat airports and delaying more than 100 flights.