Singapore’s low-cost airline Scoot said it has ruled out a data breach as it investigates why a batch of emails were sent to the wrong customers.
Scoot made the announcement after dozens complained about receiving multiple emails telling them to obtain a “negative COVID-19 certificate” before departing Singapore for Guangzhou, China. The recipients said that they had booked no such flights and raised alarm the carrier had been hacked.
In a statement to Coconuts Singapore today, Scoot said that the emails were meant to inform passengers booked on Scoot flight TR100 from Singapore to Guangzhou of the new travel requirement. But they were “mistakenly” sent to other customers, it said.
“Scoot is currently investigating the matter and will provide an update on the findings when possible. For now, it has been established that there was no data breach or leak of personal information,” the statement read. “Scoot sincerely apologises for this oversight and our highest priority is establishing what transpired and rectifying the errors.”
The airline did not respond to questions about the number of customers it had wrongly sent the emails to or the total number of emails sent.
A number of those spammed by the airline today, including Facebook user Kingston Chua, said 18 emails with the same subject line “Urgent: Negative COVID-19 certificate required for your flight to Guangzhou” arrived all at once.
Each email contained unique booking reference numbers.
“[T]hanks Scoot, it’s so urgent you had to make sure i got it. And the best part is I’m not flying!” Facebooker Dave Teo wrote online, including a screenshot of 18 of the same emails sent to him all at once at 2:20pm.
“I got the same thing. Scam? Maybe got hacked?” user Jws Enitsugua wrote.