SITA, the air transport data giant SITA, said on Thursday that it was the victim of a cyber attack on February 24, which led to a data security incident involving certain passenger data stored on its Horizon passenger service system servers is. This platform operates various processing systems for airlines. As a result, several carriers were notified of the incident.
Passengers are being updated
Shift emphasizes that many airlines across the continents are affected by the data breach. So far, the service providers who contacted their customers about the incident include:
- American Airlines
- British Airways
- Cathay Pacific
- Finnair
- Japan Airlines
- Jeju Air
- Lufthansa
- Malaysia Airlines
- New Zealand Air
- SAS
- Singapore Airlines
- United Airlines
In addition, Skift adds that it appears that the violation is all Star Alliance airline members and oneworld.
Simple Fly has contacted several service providers for comment on this data breach. A British Airways spokesman confirmed to Simple Flying that this was a business incident and that it was not a breach of its own systems, and that it had not lost any data. An email from the operator to its customers states that the names of British Airways Executive Club members, membership numbers and some of their preferences, such as seat, have been affected.
A statement from the carrier seen by Simple Flying reads as follows:
‘This incident affects airlines in different ways. SITA’s breach does not involve financial information or passwords of British Airways’ customers as it does not have access to this data. This incident was not a violation of British Airways’ systems, and no information was lost from our systems. We take the protection of personal data extremely seriously and ask some members of the Executive Club to reset their passwords as a precaution. ā
Additional notifications
Meanwhile, according to TechCrunch, Singapore Airlines reported that it was not a customer of SITA’s Horizon passenger service system, but that a membership number and level status was hampered in about half a million members of regular kites. The airline said the transfer of this type of data ‘is essential to verify the status of membership status, and to provide the airlines’ relevant benefits while traveling.’
United Airlines added that the data regularly stored in the third-party system was affected. The exposed data consists only of ‘first and last name, MileagePlus number and Star Alliance level status (Star Gold or Star Silver only).’
United told its passengers by email:
“We have strong cyber security measures in place to protect your personal data, and both United and Star Alliance have reviewed our own systems and found no indication that it was compromised in connection with this incident. However, out of sheer caution, you may want to change your MileagePlus account password, and we recommend that all members do so regularly as a best practice. ā
American Airlines also confirmed this SITA had a data security incident which includes a limited amount of AAdvantage loyalty data. It added:
“It is important that the incident did not result in any passwords for AAdvantage accounts or financial information that could be stored in AAdvantage accounts being compromised. We have confirmed with SITA that certain AAdvantage members’ name, elite status and AAdvantage number have been affected. We do not believe this data poses a risk to our loyalty members or their AAdvantage mileage. As a courtesy, we have notified the affected members of AAdvantage by email. We are continuing to investigate this incident, but the US systems were not compromised as part of this incident.
A word from SITA
A SITA spokesperson told Simple Flying that investigations indicate that the total period during which the cyber attacker (s) could gain access to some of its systems was less than one month. It adds that the cyber attack was very quickly identified and acted upon according to world and industrial standards. The investigation continues, but the group is confident that it has responded thoroughly.
In general, the extent of the damage in all airlines must be determined. However, the shared statements believe that the breach excluded extremely sensitive information such as passwords, card information and passports.
Simple Flying has reached out to several airlines regarding this data breach. We will update the article with any further updates from the service providers.
What are your thoughts on these data breaches? What do you make of the overall problems that occur? Let us know what you think of the situation in the comments section.