Millions of travelers of several airlines impacted by SITA data breach

SITA, a multinational IT company that provides services to the air transport industry was the victim of cyberattack that impacted multiple airlines.

SITA is a multinational information technology company providing IT and telecommunication services to the air transport industry. The company provides its services to around 400 members and 2,800 customers worldwide, which it claims is about 90% of the world’s airline business. Around the world, nearly every passenger flight relies on SITA technology.

This week the company announced it has suffered a highly sophisticated, hackers had access to certain passenger data stored on servers of SITA Passenger Service System (PSS). The total number of travelers impacted in the security breach is still unknown.

“Passenger Service System (US) Inc. (“SITA PSS”) operates passenger processing systems for airlines. After confirmation of the seriousness of the data security incident on February 24, 2021, SITA took immediate action to contact affected SITA PSS customers and all related organizations,” reads the company’s statement.

“SITA acted swiftly and initiated targeted containment measures. The matter remains under continued investigation by SITA’s Security Incident Response Team with the support of leading external experts in cyber-security.”

The cyberattack impacted multiple airlines, including Singapore Airlines, Lufthansa, Malaysia Airlines, Cathay Pacific, SAS-Scandinavian Airlines, Finland’s Finnair, Jeju Air, and Air New Zealand.

Singapore Airlines disclosed the security breach this week, the airline confirmed that approximately 580,000 members of its KrisFlyer frequent flyer program have been impacted.

The airline notified its customers and informed them that it doesn’t use the SITA PSS, but at least one of the 26 Star Alliance member airlines use the PSS system, and SITA has access to some frequent flyer program data for all Star Alliance airlines.

“Star Alliance received a notification from SITA about the PSS breach on February 27. Star Alliance says that they were informed that not all its member carriers are affected, but it does not exclude this possibility.” reported BleepingComputer.

According to the impacted airlines, intruders have had access to some customers’ data, including name, tier status, and membership number. At the time of this writing, there is no indication that any sensitive or financial data compromised.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.