On Thursday, SITA air transport data giant SITA shared that on February 24th, it was the victim of a cyber-attack, leading to a data security incident involving certain passenger data that was stored on its Horizon passenger service system servers. This platform operates several processing systems for airlines. As a result, several carriers have been notified of the incident.
Passengers are being updated
Skift highlights that many airlines across the continents are affected by the data breach. So far, the carriers that have contacted their customers about the incident include:
- American Airlines
- British Airways
- Cathay Pacific
- Finnair
- Japan Airlines
- Jeju Air
- Lufthansa
- Malaysia Airlines
- New Zealand Air
- SAS
- Singapore Airlines
- United Airlines
Moreover, Skift adds that it appears that the breach has impacted all airline members of Star Alliance and oneworld.
Simple flying contacted several carriers for comment on this data breach. A British Airways spokesperson affirmed to Simple Flying that this is an industry-wide issue and is not a breach of its own systems, and it has not lost any data. An email from the operator to its customers shares that some British Airways Executive Club members’ names, membership numbers, and some of their preferences, such as seating, have been impacted.
A statement from the carrier seen by Simple Flying reads as follows:
“This incident is affecting airlines in different ways. SITA’s breach does not involve British Airways’ customers’ financial information or passwords as it does not have access to this data. This incident was not a breach of British Airways’ systems and no information has been lost from our systems. We take the protection of personal data extremely seriously and are asking some Executive Club Members to reset their passwords as a precautionary measure.”
Addtional notifications
Meanwhile, according to TechCrunch, Singapore Airlines shared that it was not a client of SITA’s Horizon passenger service system but that approximately half a million frequent flyer members had their “membership number and tier status compromised.” The airline said that the transfer of this type of data is “necessary to enable verification of the membership tier status, and to accord to member airlines’ customers the relevant benefits while traveling.”
United Airlines added that its frequent flyer data stored in the third-party system was impacted, The exposed data solely consist of “first and last name, MileagePlus number, and Star Alliance tier status (Star Gold or Star Silver only).”
A word from SITA
A SITA spokesperson told Simple Flying that investigations indicate that the total period during which the cyber-attacker(s) were able to access some of its systems was less than one month. It adds that by global and industry standards, it identified this cyber-attack extremely quickly and acted accordingly. Its investigations are ongoing, but the group is confident that it has responded thoroughly.
Overall, the extent of the damage across all airlines is yet to be determined. However, the shared statements generally convey that the breach excluded highly sensitive information such as passwords, card information, passports.
Simple Flying reached out to several airlines regarding this data breach. We will update the article with any further updates from the carriers.
What are your thoughts about these data breaches? What do you make of the overall issues occurring? Let us know what you think of the situation in the comment section.
