SITA, a large data industry working with some of the world’s largest airlines, Announced Thursday that it was the victim of a “highly sophisticated cyberattack”, the information of which was compromised on hundreds of thousands of airline passengers around the world.
The attack, which took place in February, targeted data stored on SITA’s Passenger Service System servers, which are responsible for storing information regarding transactions between carriers and customers. One of the things that SITA does is to act as a mechanism for exchanging data between different airlines make sure passengers’ “benefits can be used in different cities”.
Understanding what specific data the hackers visited is a bit difficult at this point – although some of it seems to be regular information shared by SITA by members of the Star Alliance, the world’s largest global airline alliance.
An airline alliance is basically a consortium in the industry, and Star’s membership consists of some of the world’s most prominent airlines, including United Airlines, Lufthansa, Air Canada and 23 others. Some of the members have already come forward to announce transgressions in connection with the attack – and SITA itself wants to prevent to admit it that the parties involved are affiliated with alliance members.
One member of the Alliance, Air New Zealand, recently written to customers that the SITA attack ‘affected some of our customers’ data as well as many other Star Alliance airlines. Similarly, Singapore Airlines recently told his customers that some of the data was affected by the violation because Star Alliance member services offer a limited program for regular providers [sic] data to the alliance, which is then sent to other airlines to reside in their respective passenger service systems. ”
G / O Media can get a commission
It is unclear whether all of the Star Alliance members were affected. A SITA representative told TechCrunch that the offense affects “various airlines around the world, not just in the United States,” but does not want to name everyone. We reached out to SITA for comment and will stay tuned if they respond.
So far, it seems that the nature of the offense is wider than deep. That is, many people are affected, although the data shared with SITA in most cases does not seem so extensive. In the case of Singapore Airlines, for example, more than 500,000 people’s data is compromised, although the data does not include things like member routes, passwords, or credit card information. The airline declared:
About 580,000 members of KrisFlyer and PPS were affected by the breach of the SITA PSS servers. The information in question is limited to the membership number and level status and, in some cases, the membership name, as this is the full range of frequent flyer data that Singapore Airlines shares with other Star Alliance member services for this data transfer.
So … having a hacker, knowing how often you fly, does not really look that bad? Although the SITA offense is not so widespread, it is still an excellent example of what third problem parties set for organizations within a supply chain – and what an attractive target they set for hackers. Because of the intricate ways in which personal data is collected, stored, and shared, it is incredibly easy for security officers to miss the weakest link in an industry’s chain. On the other hand, it can be incredibly easy for a hacker to spot one.