The global information technology company SITA (opens in new tab) has suffered a data breach (opens in new tab) after hackers were able to gain access to its servers which contain passenger data from multiple airlines around the world.
Almost a dozen different airlines (opens in new tab) have begun informing passengers that some of their data has been accessed after an intruder managed to breach SITA's Passenger Service System (PSS) that is used to handle a number of transactions from ticket reservations to boarding.
While the total number of impacted travelers is not yet known, the figure is already over 2.1m and many of those affected belong to Lufthansa Group's Miles & More traveler loyalty program (opens in new tab) which is the largest in Europe.
- We've built a list of the best endpoint protection software (opens in new tab) available
- These are the best firewalls (opens in new tab) on the market
- Also check out our roundup of the best identity theft protection (opens in new tab)
In a statement (opens in new tab) about its recent security incident, SITA confirmed that it suffered a cyberattack and explained how its Security Incident Response Team is working with cybersecurity experts to learn more about the breach, saying:
“After confirmation of the seriousness of the data security incident on February 24, 2021, SITA took immediate action to contact affected SITA PSS customers and all related organizations. We recognize that the COVID-19 pandemic has raised concerns about security threats, and, at the same time, cyber-criminals have become more sophisticated and active. This was a highly sophisticated attack. SITA acted swiftly and initiated targeted containment measures. The matter remains under continued investigation by SITA’s Security Incident Response Team with the support of leading external experts in cyber-security.”
SITA data breach
So far Air New Zealand, Singapore Airlines, Scandinavian Airlines (SAS), Cathay Pacific, Jeju Air, Malyasia Airlines and Finnair have either informed their customers or issued a public statement regarding the data breach.
While other airlines are likely impacted, SITA is waiting until they publish their own statements about the breach before publicly naming them.
Of the airlines affected so far, Air New Zealand, Singapore Airlines, SAS and Cathay Pacific are all members of the Star Alliance global airline network that has 26 members. As a result, other Star Alliance members could have also been affected by the breach.
Thankfully though, the stolen information only includes traveler's service card numbers, their status level and in some cases, their names. Passwords, email addresses and financial data were not obtained in the breach.
We'll likely hear more about the breach once SITA's investigation is complete and other airlines issue statements to their customers.
- We've also highlighted the best antivirus (opens in new tab)
Via BleepingComputer (opens in new tab)