Almost a dozen different airlines have begun informing passengers that some of their data has been accessed after an intruder managed to breach SITA's Passenger Service System (PSS) that is used to handle a number of transactions from ticket reservations to boarding.
While the total number of impacted travelers is not yet known, the figure is already over 2.1m and many of those affected belong to Lufthansa Group's Miles & More traveler loyalty program which is the largest in Europe.
- We've built a list of the best endpoint protection software available
- These are the best firewalls on the market
- Also check out our roundup of the best identity theft protection
In a statement about its recent security incident, SITA confirmed that it suffered a cyberattack and explained how its Security Incident Response Team is working with cybersecurity experts to learn more about the breach, saying:
“After confirmation of the seriousness of the data security incident on February 24, 2021, SITA took immediate action to contact affected SITA PSS customers and all related organizations. We recognize that the COVID-19 pandemic has raised concerns about security threats, and, at the same time, cyber-criminals have become more sophisticated and active. This was a highly sophisticated attack. SITA acted swiftly and initiated targeted containment measures. The matter remains under continued investigation by SITA’s Security Incident Response Team with the support of leading external experts in cyber-security.”
SITA data breach
So far Air New Zealand, Singapore Airlines, Scandinavian Airlines (SAS), Cathay Pacific, Jeju Air, Malyasia Airlines and Finnair have either informed their customers or issued a public statement regarding the data breach.
While other airlines are likely impacted, SITA is waiting until they publish their own statements about the breach before publicly naming them.
Of the airlines affected so far, Air New Zealand, Singapore Airlines, SAS and Cathay Pacific are all members of the Star Alliance global airline network that has 26 members. As a result, other Star Alliance members could have also been affected by the breach.
Thankfully though, the stolen information only includes traveler's service card numbers, their status level and in some cases, their names. Passwords, email addresses and financial data were not obtained in the breach.
We'll likely hear more about the breach once SITA's investigation is complete and other airlines issue statements to their customers.
- We've also highlighted the best antivirus