Global air transport tech giant SITA has recently disclosed a data breach. The incident didn’t only affect its own systems, rather also indirectly affected multiple airlines.
SITA Data Breach
Reportedly, the technology giant Société Internationale de Télécommunications Aéronautiques (SITA) has admitted a cyberattack impacting other airlines as well.
SITA is a global air transport technology giant empowering 2800 customers from the aviation sector globally.
As revealed via their press release, SITA has suffered a data breach on February 24, 2021. Upon knowing of the incident, the firm reported all the airlines affected by this incident.
While they haven’t shared any precise details of the attack in their notice, they did confirm its sophistication.
We recognize that the COVID-19 pandemic has raised concerns about security threats, and, at the same time, cyber-criminals have become more sophisticated and active. This was a highly sophisticated attack.
Airlines Continue With Breach Disclosures
Although, SITA didn’t name any specific airlines affected by the incident. However, the respective airlines have started disclosing the incident themselves.
Some of the affected airlines include Singapore Airlines (press release), Lufthansa, Air New Zealand (email to customers), Cathay Pacific, SAS – Scandinavian Airlines, Malaysian Airlines, Finnair (informed via emails, as Troy Hunt shared), and Jeju Air. TechCrunch has also mentioned United Airlines and American Airlines as data breach victims.
Besides, it also affected the traveler loyalty program Miles and More.
In the case of these airlines, the breached data potentially includes details about the passengers. For instance, Singapore Airlines disclosed that the breach affected “580,000 KrisFlyer and PPS members” exposing their “membership number and tier status and, in some cases, membership name”.
Whereas, Finnair has supposedly asked its customers to reset passwords in the wake of the incident.
Many people have changed their Finnair Plus password after we told about a data breach. Our servers have occasionally been busy because of this. Password change is a precautionary measure and it's not urgent. The breached data cannot be used to access your Finnair Plus account.
— Finnair (@Finnair) March 4, 2021
Given the extent of the attack and its impact, more airlines may likely make similar disclosure in the coming days.