Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

SITA Data Breach Affects Millions Of Travelers From Major Airlines

SITA Data Breach Affects Millions Of Travelers From Major Airlines

Passenger data from multiple airlines around the world has been compromised after hackers breached servers belonging to SITA, a global information technology company.

Close to a dozen air carriers have informed passengers that some of their data has been accessed by an intruder breaching SITA’s Passenger Service System (PSS), a service that handles transactions from ticket reservations to boarding.

The total number of travelers impacted remains unclear but the figure is over 2.1 million, most of them being participants in Lufthansa Group’s Miles & More frequent flyers and awards program, the largest in Europe.

Star Alliance, Oneworld airlines affected

SITA confirmed the cyberattack in a short public statement on Thursday saying that it contacted affected PSS customers and all related organizations.

A SITA representative told BleepingComputer that the intrusion impacts data of passengers from the airlines listed below. All companies have already informed their customers or issued a public statement about the breach.

  • Lufthansa – combined with its subsidiaries, it is the second-largest airline in Europe in terms of passengers carried; Star Alliance member and Miles & More partner
  • Air New Zealand – flag carrier airline of New Zealand
  • Singapore Airlines – flag carrier airline of Singapore
  • SAS – Scandinavian Airlines (disclosure here); 
  • Cathay Pacific – flag carrier of Hong Kong
  • Jeju Air – the first and largest South Korean low-cost airline
  • Malaysia Airlines – flag carrier airline of Malaysia
  • Finnair – flag carrier and largest airline of Finland

Some reports say that Japan Airlines is also affected. The first four companies in the list are part of Star Alliance, a global airline network with 26 members, Lufthansa being one of the five founders.

Also Read: Key PDPA Amendments 2019/2020 You Should Know

A larger number of carriers are likely impacted but SITA declined to name them before they publish statements about the breach.

SITA says that it confirmed “the seriousness of the data security incident on February 24, 2021,” without disclosing how many individuals have been impacted or when the attack occurred.

A Lufthansa representative said in a statement for BleepingComputer that the hackers entered the reservation system of an Asian airline that is a Star Alliance member between January 21 and February 11.

Star Alliance received a notification from SITA about the PSS breach on February 27. Star Alliance says that they were informed that not all its member carriers are affected, but it does not exclude this possibility.

Singapore Airlines disclosed the breach on Thursday, explaining how data of approximately 580,000 members of its KrisFlyer frequent flyer program has been compromised. The company also emailed its customers saying that while it does not use SITA’s PSS, another Star Alliance member does, meaning that SITA has access to a restricted set of frequent flyer data shared by all Star Alliance members.

The Miles & More frequent flyer program counts among its partners 37 airline partners that include all 26 Star Alliance member. Other partners in the program are:

  • luxury and affordable hotels (Althoff, Hyatt, Marriott International, Jumeirah, Kempinski, Meliá, BestWestern, H-Hotels, HRS, Hyatt, IHG)
  • car rental companies (Sixt, Hertz, AVIS, Europcar, Enterprise, Budget)
  • shops for redeeming loyalty point (Dezerved, Heathrow Rewards, Heinemann, Lufthansa WorldShop, Bicester Village Shopping Collection, welcome Shop)
  • finance companies (UniCredit, Visa)
  • travel agencies (Get Your Guide, Kreuzfahrten)

Because the hackers breached the reservation system of the undisclosed Asian Airline that is also a Star Alliance member, customer data from Miles & More is also impacted by the incident – about 1.35 million participants in the program, many having the “frequent flyer” status, Lufthansa said.

The stolen information refers to the service card number, the status level, and, in some cases, the name of the participant. More sensitive details (passwords, email addresses) are not impacted.

Star Alliance confirmed to BleepingComputer that its members share customer details that are relevant to awarding traveling benefits and are limited to membership name, frequent flyer program membership number and program tier status.

To note, among the carriers affected by the breach – directly or indirectly – are members of the Oneworld airline alliance (Malaysia Airlines, Cathay Pacific, Finnair).

In emails to customers, Finnair disclosed that some of their frequent flyer data has been accessed as part of the SITA PSS breach. As in the case of Singapore Airlines, the company does not use PSS and the incident occurred because Finnair shares some frequent flyer data with its partners.

Also Read: The 5 Benefits Of Outsourcing Data Protection Officer Service

h/t Troy Hunt

Yle reports that about 200,000 members of the Finnair Plus program are affected. However, the stolen data cannot be used to access accounts for that program. Also, the airline assesses that “the risk of this data being misused in other contexts is relatively low.”



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us