Data of 580,000 Singapore Airlines’ frequent flyer members were compromised in a security incident which has impacted air transport communications and IT vendor, SITA.
Singapore Airlines (SIA), even though not a customer of SITA, shared a “restricted” set of data as a member of the Star Alliance group. This was necessary to facilitate verification of membership tier status and provide customers of other member airlines the relevant benefits while they travelled.
Those data reside on the passenger service systems of member airlines. SIA did not mention when SITA has informed them about the breach, which impacted the latter’s passenger service system servers.
One member of Star Alliance had used this SITA system. The international airline alliance has 26 members, including Air Canada, United Airlines, and Lufthansa.
The impacted SIA customers were members of its KrisFlyer as well as higher tier PPS frequent flyer programme. The compromised data included the membership number and tier status, but in some cases, membership name was also illegally accessed.
The data leakage was relatively contained as only these details were shared with the Star Alliance group.
Singapore Airlines assured that this data breach does not involve KrisFlyer and PPS member passwords, credit card information, and other customer data such as itineraries, reservations, ticketing, passport numbers, and email addresses. They also informed that none of their IT systems have been affected by this incident.
SITA released a statement on its website confirming the security breach was the result of “a highly sophisticated attack”.
It stated that after being aware of the incident they have taken immediate steps to inform all affected customers. They also deployed “targeted” containment measures.
SITA said that their security incident response team was investigating the breach alongside external cybersecurity experts.
The incident marks the second time in a week that an airline has reported a data breach, which appears also to be the result of the attack targeting SITA.
It is likely that SITA was involved in a breach that affected Malaysia Airlines’ Enrich frequent flyer members. The airlines did not make a public statement on the security incident, but said that it was the result of an attack that targeted a third-party IT service provider, which it did not name.
Image Credits : High Tech Flight