SITA is a multinational information technology company providing IT and telecommunication services to the air transport industry. The company provides its services to around 400 members and 2,800 customers worldwide, which it claims is about 90% of the world’s airline business. Around the world, nearly every passenger flight relies on SITA technology.
This week the company announced it has suffered a highly sophisticated, hackers had access to certain passenger data stored on servers of SITA Passenger Service System (PSS). The total number of travelers impacted in the security breach is still unknown.
“Passenger Service System (US) Inc. (“SITA PSS”) operates passenger processing systems for airlines. After confirmation of the seriousness of the data security incident on February 24, 2021, SITA took immediate action to contact affected SITA PSS customers and all related organizations,” reads the company’s statement.
“SITA acted swiftly and initiated targeted containment measures. The matter remains under continued investigation by SITA’s Security Incident Response Team with the support of leading external experts in cyber-security.”
The cyberattack impacted multiple airlines, including Singapore Airlines, Lufthansa, Malaysia Airlines, Cathay Pacific, SAS-Scandinavian Airlines, Finland’s Finnair, Jeju Air, and Air New Zealand.
Singapore Airlines disclosed the security breach this week, the airline confirmed that approximately 580,000 members of its KrisFlyer frequent flyer program have been impacted.
The airline notified its customers and informed them that it doesn’t use the SITA PSS, but at least one of the 26 Star Alliance member airlines use the PSS system, and SITA has access to some frequent flyer program data for all Star Alliance airlines.
“Star Alliance received a notification from SITA about the PSS breach on February 27. Star Alliance says that they were informed that not all its member carriers are affected, but it does not exclude this possibility.” reported BleepingComputer.
According to the impacted airlines, intruders have had access to some customers’ data, including name, tier status, and membership number. At the time of this writing, there is no indication that any sensitive or financial data compromised.
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
(SecurityAffairs – hacking, data breach)