On Thursday, SITA’s air transport data giant, SITA, shared that on February 24, it was the victim of a cyber attack, leading to a data security incident involving certain passenger data that was stored in its Horizon passenger service system servers. This platform operates several processing systems for airlines. As a result, several carriers were notified of the incident.
Passengers are being updated
Skift points out that many airlines on all continents are affected by the data breach. So far, operators that have contacted their customers about the incident include:
- American Airlines
- British Airways
- Cathay Pacific
- Finnair
- Japan Airlines
- Jeju Air
- Lufthansa
- Malaysia Airlines
- New Zealand Air
- SAS
- singapore airlines
- United airlines
In addition, Skift adds that it appears that the breach has affected all Star Alliance member airlines and 1world.
Simple Flying contacted several operators to comment on this data breach. A British Airways spokesman told Simple Flying that this is an industry-wide problem and is not a violation of its own systems, and has not lost any data. An email from the operator to its customers informs them that the names of some members of the British Airways Executive Club, member numbers and some of their preferences, such as seats, have been affected.
A statement from the carrier seen by Simple Flying reads as follows:
“This incident is affecting airlines in different ways. The breach of SITA does not involve financial information or passwords for British Airways customers, as it does not have access to that data. This incident was not a breach of British Airways’ systems and no information was lost from our systems. We take personal data protection very seriously and are asking some members of the Executive Club to reset their passwords as a precaution. “
Additional notifications
Meanwhile, according to TechCrunch, Singapore Airlines shared that it was not a customer of SITA’s Horizon passenger service system, but that approximately half a million frequent flyer members had their “membership number and tier status compromised” . The airline said the transfer of this type of data is “necessary to allow verification of membership status and to provide member airline customers with relevant benefits while traveling.”
United Airlines added that its frequent flyer data stored on the third-party system has been affected. The exposed data consists only of “name and surname, MileagePlus number and Star Alliance level status (Star Gold or Star Silver only).”
United told its passengers the following by email:
“We have strong cyber security measures in place to protect your personal data, and both United and Star Alliance have reviewed our own systems and found no indication that they have been compromised in relation to this incident. However, as a precaution, you can change your MileagePlus account password and we recommend that all members do this regularly as a best practice. “
American Airlines also confirmed that SITA suffered a data security incident involving a limited amount of AAdvantage loyalty data. He added:
“It is important to note that the incident did not result in the compromise of any AAdvantage account password or financial information that may be stored in AAdvantage accounts. We confirm with SITA that certain AAdvantage member names, elite status and AAdvantage number have been affected. We do not believe that this data represents a risk to our loyal members or their AAdvantage miles. As a courtesy, we notify affected AAdvantage members by email. We continue to investigate this incident, but American’s systems have not been compromised as part of it.
A word from SITA
A SITA spokesman told Simple Flying that the investigations indicate that the total period during which the cyberattack (s) were able to access some of their systems was less than a month. He adds that, according to global and industry standards, he identified this cyber attack extremely quickly and acted accordingly. Their investigations are ongoing, but the group is confident it has responded fully.
Overall, the extent of the damage on all airlines has yet to be determined. However, shared statements generally convey that the breach has excluded highly sensitive information, such as passwords, card information, passports.
Simple Flying contacted several airlines about this data breach. We will update the article with any other operator updates.
What do you think of these data breaches? What do you think of the general problems that are occurring? Let us know what you think of the situation in the comments section.