Air New Zealand is warning over 100,000 Airpoints members that some of their data may have been breached in a cyber attack.
The airline emailed customers today apologising and warning them to be on the lookout for phishing emails.
The Privacy Commissioner John Edwards told 1 NEWS he was made aware of the issue on July 31.
"We're sorry to advise that some of your personal information may have been affected by a recent phishing incident relating to two Air New Zealand staff accounts," spokesperson Jeremy O'Brien said.
The company said they have about 3.2 million Airpoints members and about 3.5 per cent of them may have been impacted.
It said they had contacted the 112,000 potentially affected customers directly.
"While your Airpoints account was not accessed, some information relating to your membership profile may have been visible in our internal documents should these documents have been accessed. This will vary by member and could include details such as Airpoints number, members’ name and email, as an example."
"Your Airpoints password and your credit card details are not affected.
"We have secured the two affected accounts and are conducting a thorough investigation.
"We're also focused on further hardening our security processes to help prevent any similar incidents from happening in the future.
"We would encourage you to be on the lookout for phishing emails over the next few months."