Dubai: Etihad Airways on Wednesday said it is investigating a possible leak of data belonging to customers who took part in a promotional campaign in 2013.

Personal details of thousands of people who took part in the promotion are believed to have been leaked at a third-party company, which worked with the airline.

In a statement emailed to Gulf News, an Etihad spokesperson said although the possible data breach affected “a small number” of its loyalty programme, the carrier is taking the matter seriously.

“Etihad Airways is investigating a possible compromise of information belonging to a small number of members of its loyalty program,” the spokesperson said.

The data, sent to Gulf News by an anonymous source, includes names, email addresses and other personal information of around seven thousand individuals from Etihad’s loyalty programme from around the world, including in the Middle East, United States and Europe.

Etihad stressed, however, the leak “does not include sensitive or financial information, and presents no threat to the security of Etihad Guest member’s accounts.”

Legal options

“It also appears this information was misappropriated from a marketing vendor involved in a promotional campaign in 2013. As a consequence, Etihad Airways is considering all its legal options as a matter of priority,” Etihad said.

The data also includes phone numbers and IP addresses, which could be used to identify an individual’s home address.

The third-party company behind the breach is Dubai-based EmailCiti, an email and content marketing solutions provider, according to the source.

EmailCiti Chief Executive Omar Al Shoukbaki told Gulf News the breach is being handled by the company’s legal team and directed further questions to EmailCiti founder Khaled Jabasini.

Jabasini confirmed to Gulf News the leaked personal details came from a promotional website EmailCiti had built for Etihad in 2013. It is unclear when the breach took place.

He told Gulf News the data may have been taken from a lost or stolen computer used to work on the promotion but declined to say whether he believed it was an Etihad or EmailCiti computer.

“All parties involved in the promotion” had access to the data, he said, adding that his company is continuing to work on other projects with Etihad.

The Etihad data loss is small in comparison to other breaches at major international companies.

In 2011, Sony said personal details of over 100 million customers who played games on its Sony Online Entertainment (SOE) PC games network and PlayStation Network (PSN) had been stolen.

Etihad Airways is no longer working with EmailCiti.

A spokesperson told Gulf News by phone on Thursday the airline is not working on any other projects with EmailCity and has ended its commercial relationship with the company.