If you have frequent flyer accounts on multiple airlines, it’s likely that you’ve received one or more emails in the past few days about a data breach. What is going on, exactly?
On February 24, 2021, SITA suffered a “highly sophisticated” attack on its IT systems, which compromised the information of millions of passengers. Specifically, certain data stored on the servers of SITA Passenger Service Systems was accessed. The company claims to have contacted all affected SITA PSS customers and all related organizations.
For those unfamiliar with the company, SITA essentially provides IT services to the aviation industry worldwide, including airlines, airports and operators on the ground. SITA is involved in everything from operational business practices, baggage management and passenger management.
SITA has passenger details stored on its servers, and some of that data may have been accessed. The good news is that, for the most part, no password or payment method has been compromised, but this seems to focus mainly on names, frequent flyer numbers and elite status.
You may have been notified of a data breach, even if you have a frequent flyer account with an airline that is not a direct customer of SITA. This may be the case if you have booked an itinerary that involves travel on multiple airlines, if you used your frequent flyer account when traveling with another airline, etc. For example, here’s part of the email I received yesterday from American Airlines:
American is not a SITA PSS customer. However, the incident affected certain AAdvantage loyalty data, as some of our partner airlines store loyalty data on SITA PSS. We exchange a limited set of frequent flyer loyalty data with our partner airlines to ensure recognition of the loyalty status of our AAdvantage members when traveling.
Result
A data breach at the aviation IT company SITA potentially means that the frequent flyer details of millions of travelers have been compromised. The good news is that it seems to be mostly very basic details that may have been compromised, not payment methods, passwords, etc.
However, if you received a notice of the violation, it may make sense to change your account password.
Have you been affected by this SITA data breach?