The loyalty programmes of some of the world’s biggest airlines have been hit by a sophisticated a cyber-attack it has been revealed.
The attack was launched on SITA Passenger Service System, the company which manages the information for the frequent flyers programmes for the 26 member airlines in the Star Alliance and 13 airline companies in the Oneworld, group.
In a statement it said: “SITA confirms that it was the victim of a cyber-attack, leading to a data security incident involving certain passenger data that was stored on SITA Passenger Service System (US) Inc. servers. Passenger Service System (US) Inc. (“SITA PSS”) operates passenger processing systems for airlines.
“After confirmation of the seriousness of the data security incident on 24 February 2021, SITA took immediate action to contact affected SITA PSS customers and all related organisations.
“We recognize that the COVID-19 pandemic has raised concerns about security threats, and, at the same time, cyber-criminals have become more sophisticated and active. This was a highly sophisticated attack.”
It added: “SITA acted swiftly and initiated targeted containment measures. The matter remains under continued investigation by SITA’s Security Incident Response Team with the support of leading external experts in cyber-security.”
Sita said it was notifying affected airlines and refused to provide information on the scope and type of information that may have been stolen in the incident.
Singapore Airlines has emailed its KrisFlyer loyalty programme members to say some 580,000 members may have been affected. British Airlines has emailed its Executive Club members to say they need to change their passwords.
In the US American Airlines and United said the data that could have been accessed was limited and didn’t include financial information or passwords that would allow access to individual loyalty accounts. Cathay Pacific Airways told its customers that the breach didn’t involve its systems and said their accounts remain secure.