Air transport communications and information technology provider SITA has confirmed it was victim of a cyber attack last month, raising concerns for the data security of hundreds of thousands of travellers.
The firm – which provides IT systems for around 90 per cent of the global aviation industry – said that the US servers of its Passenger Service System were attacked on February 24, 2021.
The SITA PSS system operates passenger processing systems for Star Alliance, members of which include Lufthansa, Singapore Airlines and United Airlines.
In a statement SITA said:
“We recognize that the Covid-19 pandemic has raised concerns about security threats, and, at the same time, cyber-criminals have become more sophisticated and active. This was a highly sophisticated attack.
“SITA acted swiftly and initiated targeted containment measures. The matter remains under continued investigation by SITA’s Security Incident Response Team with the support of leading external experts in cyber-security.
“If you are the customer of an airline and have a Data Subject Access Request in relation to the handling of your personal data, this request must be made directly to that airline in accordance with GDPR and data protection legislation. SITA is unable to respond directly to any such request.”
Singapore Airlines is contacting its frequent flyer members to update them on the situation – one of your colleagues received the following this morning:
“SITA, an information technology company providing passenger service systems, has informed Singapore Airlines of a data security breach involving their passenger service systems’ (SITA PSS) servers. While Singapore Airlines is not a customer of the SITA PSS, another Star Alliance member airline is.
“All Star Alliance member airlines provide a restricted set of frequent flyer programme data to the alliance, which is then sent on to other member airlines to reside in their passenger service systems. This data transfer is necessary to enable the verification of membership tier status, and to accord to member airlines’ customers the relevant benefits while travelling.
“As a result, SITA has access to the restricted set of frequent flyer programme data for all 26 Star Alliance member airlines including Singapore Airlines.
“Some of our members were affected by the breach of the SITA PSS server. The impacted data is limited to the members’ KrisFlyer membership number and tier status and, in some cases, membership name, which is the full extent of the frequent flyer data set Singapore Airlines shares with other Star Alliance member airlines for this data transfer.
“Specifically, this data breach does not involve KrisFlyer membership passwords, credit card information, and other customer data such as itineraries, reservations, ticketing, passport numbers, and email addresses as SIA does not share this information with other Star Alliance member airlines for this data transfer.
“We are contacting you to inform you that your KrisFlyer data was not impacted by this breach of the SITA PSS server. Your KrisFlyer miles balance was also not compromised.
“We would also like to reassure you that none of Singapore Airlines’ IT systems have been affected by this incident.
“The protection of our customers’ personal data is of utmost importance to Singapore Airlines. We will work with our partners to review the current procedures, and take all necessary steps to improve data security.”
The new follows this week’s admission by Malaysia Airlines of a nine-year data security breach of its Enrich frequent flyer scheme.
Business Traveller will update this article as more information becomes available.
