Global aviation industry IT supplier SITA has confirmed it has fallen victim to a cyberattack, with hackers gaining access to personal information of airline passengers.
The information technology and communications company, which claims to serve around 90% of the world’s airlines, said that a cyberattack on February 24, 2021 led to “data security incident” involving passenger data that was stored on SITA Passenger Service System Inc. servers located at Atlanta, Georgia in the United States.
More on privacy
A statement by SITA describes the incident as a “highly sophisticated attack” and said that the company “acted swiftly” to contain the incident, which still remains under investigation by SITA’s Security Incident Response Team, alongside external cybersecurity experts.
“We recognize that the COVID-19 pandemic has raised concerns about security threats, and, at the same time, cyber criminals have become more sophisticated and active,” said the SITA statement.
Star Alliance airlines including Singapore Airlines, New Zealand Air and Lufthansa have warned passengers about the SITA data breach, while some One World airlines including Malaysia Airlines, Finnair, Japan Airlines and Cathay Pacific have also informed passengers about the cyberattack. South Korean airline JeJu Air has emailed passengers about the incident
While SITA hasn’t confirmed the exact nature of the information that has been accessed by hackers, a spokesperson told ZDNet that “it does include some personal data of airline passengers”.
Some airlines have detailed what information was accessed in the attack, stating that frequent flyer data – such as name, tier status and membership number – has been stolen. An email sent to customers of New Zealand Air said that the data breach doesn’t contain information on passwords, credit card details, passport information or contact addresses.
An exact figure for the number of passengers affected by the breach remains unclear as SITA has yet to publicly comment on the matter, but a report by The Guardianclaims that hundreds of thousands of passengers could have had their information stolen.
MORE ON CYBERSECURITY
- Data watchdog issues biggest ever fine over airline cyberattack
- Data breaches timeline: EasyJet cyberattack exposes over 9M people, and more CNET
- Cathay Pacific hit with £500,000 fine for customer data breach
- British Airways data theft demonstrates need for cross-site scripting restrictions TechRepublic
- EasyJet faces £18 billion class-action lawsuit over data breach