Progress report and important information about the JAL Mileage Bank Amazon Gift
Certificate Award and unauthorized access to the JAL website

Earlier this year, we discovered that JAL Mileage Bank (JMB) accounts were accessed from the JAL website by unauthorized third parties to redeem miles for awards. In light of this situation, the redemption of JMB miles for the Amazon Gift Certificate Award has been temporarily suspended from 16:00 on February 2, 2014 (Japan time). We deeply apologize for the concern and inconvenience caused by the unauthorized access incident and the temporary suspension of this redemption service.

An investigation into this incident is currently underway. We are therefore sharing this current report based on our findings to date, as well as our actions going forward.

To investigate these instances of unauthorized access, we launched an internal investigation and also secured the services of a third-party security consultant company. These investigations found no evidence that our servers have been accessed by unauthorized third parties or that JMB membership numbers and PINs have been compromised from a service or website provided by JAL. JMB members have been informed about this incident via the JAL website and by email. For accounts that may have been the target of unauthorized access and unauthorized redemption to Amazon Gift Cards, we have notified all affected JMB members individually and taken the associated actions. We have found no evidence of unauthorized activity for any other redemption programs.

After temporarily suspending the Amazon Gift Certificate Award, we have received many requests from JMB members to reopen this redemption service. In response to these requests, we plan to reopen the Amazon Gift Certificate Award service after implementing stronger security measures. An announcement will be made on the JAL website when this service reopens.

JAL takes this incident very seriously. We are committed to determining the complete facts and we continue to devote our efforts to prevent the recurrence of similar incidents. In consideration of recent internet security risks, we will be introducing enhanced monitoring activities for our servers, as well as stronger security measures and improved monitoring activities for the JAL website. For better online security, we also recommend that our customers take the appropriate security measures.

Once again, we sincerely apologize to all of our customers and other parties concerned for the significant inconvenience and concern that this situation may cause.

For inquiries, please contact the JAL Mileage Bank Center of your region.

* Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates.

April 24, 2014
Japan Airlines