Passenger data from multiple airlines around the world has been compromised after hackers breached servers belonging to SITA, a global information technology company.
Close to a dozen air carriers have informed passengers that some of their data has been accessed by an intruder breaching SITA’s Passenger Service System (PSS), a service that handles transactions from ticket reservations to boarding.
The total number of travelers impacted remains unclear but the figure is over 2.1 million, most of them being participants in Lufthansa Group’s Miles & More frequent flyers and awards program, the largest in Europe.
SITA confirmed the cyberattack in a short public statement on Thursday saying that it contacted affected PSS customers and all related organizations.
A SITA representative told BleepingComputer that the intrusion impacts data of passengers from the airlines listed below. All companies have already informed their customers or issued a public statement about the breach.
Some reports say that Japan Airlines is also affected. The first four companies in the list are part of Star Alliance, a global airline network with 26 members, Lufthansa being one of the five founders.
A larger number of carriers are likely impacted but SITA declined to name them before they publish statements about the breach.
SITA says that it confirmed “the seriousness of the data security incident on February 24, 2021,” without disclosing how many individuals have been impacted or when the attack occurred.
A Lufthansa representative said in a statement for BleepingComputer that the hackers entered the reservation system of an Asian airline that is a Star Alliance member between January 21 and February 11.
Star Alliance received a notification from SITA about the PSS breach on February 27. Star Alliance says that they were informed that not all its member carriers are affected, but it does not exclude this possibility.
Singapore Airlines disclosed the breach on Thursday, explaining how data of approximately 580,000 members of its KrisFlyer frequent flyer program has been compromised. The company also emailed its customers saying that while it does not use SITA’s PSS, another Star Alliance member does, meaning that SITA has access to a restricted set of frequent flyer data shared by all Star Alliance members.
The Miles & More frequent flyer program counts 37 airline partners, which include all 26 Star Alliance members. Other partners in the program are:
Because the hackers breached the reservation system of the undisclosed Asian airline that is also a Star Alliance member, customer data from Miles & More is also impacted by the incident – about 1.35 million participants in the program, many having the “frequent flyer” status, Lufthansa said.
The stolen information refers to the service card number, the status level, and, in some cases, the name of the participant. More sensitive details (passwords, email addresses) are not impacted.
Star Alliance confirmed to BleepingComputer that its members share customer details that are relevant to awarding traveling benefits and are limited to membership name, frequent flyer program membership number and program tier status.
To note, among the carriers affected by the breach – directly or indirectly – are members of the Oneworld airline alliance (Malaysia Airlines, Cathay Pacific, Finnair).
In emails to customers, Finnair disclosed that some of their frequent flyer data has been accessed as part of the SITA PSS breach. As in the case of Singapore Airlines, the company does not use PSS and the incident occurred because Finnair shares some frequent flyer data with its partners.
Yle reports that about 200,000 members of the Finnair Plus program are affected. However, the stolen data cannot be used to access accounts for that program. Also, the airline assesses that “the risk of this data being misused in other contexts is relatively low.”