Passenger data from multiple airlines across the world has been compromised after hackers breached servers belonging to SITA, an information technology company. However, the spokesperson of SITA, is declined to say how many airlines have been impacted by the breach, confirming only that the data includes some personal data of airline customers, including frequent flyer account data.
American, United, Lufthansa, Singapore and FinnAir are among several airlines whose frequent flyer information might have been compromised in the attack. Close to a dozen air carriers have informed passengers that some of their data has been accessed by an intruder breaching SITA's Passenger Service System (PSS), a service that handles transactions from ticket reservations to boarding.
Specualtions are made that, there is over 2.1 million, most of them being participants in Lufthansa Group’s Miles & More frequent flyers and awards program, the largest in Europe. As per Bleepingcomputer, all companies have already informed their customers or issued a public statement about the breach.
- Lufthansa - combined with its subsidiaries, it is the second-largest airline in Europe in terms of passengers carried; Star Alliance member and Miles & More partner
- Air New Zealand - flag carrier airline of New Zealand
- Singapore Airlines - flag carrier airline of Singapore
- SAS - Scandinavian Airlines (disclosure here);
- Cathay Pacific - flag carrier of Hong Kong
- Jeju Air - the first and largest South Korean low-cost airline
- Malaysia Airlines - flag carrier airline of Malaysia
- Finnair - flag carrier and largest airline of Finland
Some reports say that Japan Airlines is also affected. The first four companies in the list are part of Star Alliance, a global airline network with 26 members, Lufthansa being one of the five founders. A larger number of carriers are likely impacted but SITA declined to name them before they publish statements about the breach.
SITA says that it confirmed "the seriousness of the data security incident on February 24, 2021," without disclosing how many individuals have been impacted or when the attack occurred.
A Lufthansa representative said in a statement for BleepingComputer that the hackers entered the reservation system of an Asian airline that is a Star Alliance member between January 21 and February 11.
Star Alliance received a notification from SITA about the PSS breach on February 27. Star Alliance says that they were informed that not all its member carriers are affected, but it does not exclude this possibility.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
