Following a cyber attack last March 4, hundreds of thousands of Star Alliance passengers’ details have been stolen. SITA, which serves the Star Alliance of airlines including the likes of Singapore Airlines, Lufthansa and United, stated the “highly sophisticated” attack on the IT systems operator led to a breach of hundreds of thousands of airline passenger data held on its servers.
The American company serves around 90% of the global aviation industry, running passenger processing systems such as ticketing and baggage control for major airlines. In a press release SITA confirmed it “was the victim of a cyber-attack, leading to a data security incident involving certain passenger data that was stored on SITA Passenger Service System (US) Inc. servers. Passenger Service System (US) Inc. (“SITA PSS”) operates passenger processing systems for airlines.”
They added that “after confirmation of the seriousness of the data security incident on February 24th, 2021, SITA took immediate action to contact affected SITA PSS customers and all related organisations.”
SITA, which serves the Star Alliance of airlines including Singapore Airlines, Lufthansa and United, says it has been the victim of a cyber attackhttps://t.co/l1sCCIP3wu— WION (@WIONews) March 5, 2021
The press release also stated that “SITA recognises that the Covid-19 pandemic has raised concerns about security threats, and, at the same time, cyber-criminals have become more sophisticated and active. This was a highly sophisticated attack.” Whilst assuring that “SITA acted swiftly and initiated targeted containment measures. The matter remains under continued investigation by SITA’s Security Incident Response Team with the support of leading external experts in cyber-security.”
Malaysia Airlines, Singapore Airlines, Finnair and South Korean carrier Jeju Air were informed by SITA that their passengers had been affected by the breach of its passenger service system (PSS) servers. Passengers of Air New Zealand were also affected and received an email from the airline on Friday to say that “some of our customers’ data as well as that of many other Star Alliance airlines” had been affected.
Star Alliance, which also includes Air China, Swiss and Air Canada, shares data between carriers to ensure benefits can be spread among each member airline. The breach was linked to frequent flyer data however it was limited to “your name, tier status and membership number”, the email from Air New Zealand said. “This data breach does not include any member passwords, credit card information or other personal customer data such as itineraries, reservations, ticketing, passport numbers, email addresses or other contact information,” passengers were told.
SITA stated “If you are the customer of an airline and have a Data Subject Access Request in relation to the handling of your personal data, this request must be made directly to that airline in accordance with GDPR and data protection legislation. SITA is unable to respond directly to any such request.”