Star Alliance passenger data stolen in SITA data breach

Hackers stole passenger names and membership details in a “highly sophisticated attack”

The tails of various passenger aircrafts including Star Alliance and Lufthansa planes

Air transport IT supplier SITA has said that hundreds of thousands of passengers have had their data stolen following a cyber attack on its systems.

SITA, which services roughly 90% of the airline industry, announced on Thursday that it suffered a data breach on 24 February involving a portion of passenger data stored on its servers. The compromised servers in question operate passenger processing systems on behalf of airlines including those comprising the Star Alliance group.

SITA describes itself as the world’s leading specialist in air transport IT and communications and supplies hundreds of customers including Star Alliance, the world’s largest airline group. Prominent airlines that fall under the Star Alliance umbrella include United Airlines, Lufthansa, Thai Airways, and Air New Zealand, among 22 others.

The IT supplier said it briefed its customers and partners after mitigating the attack, and asked the airline group to inform their own customers that their data was stolen. Air New Zealand passengers, for example, were told in an email that their data was accessed, including details such as their name, frequent flier tier status, and membership number.

“We recognize that the COVID-19 pandemic has raised concerns about security threats, and, at the same time, cyber-criminals have become more sophisticated and active,” SITA said in a statement. “This was a highly sophisticated attack.

Related Resource

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

cost of a data breach report 2020 - whitepaper from IBMDownload now

“SITA acted swiftly and initiated targeted containment measures. The matter remains under continued investigation by SITA’s Security Incident Response Team with the support of leading external experts in cyber-security.”

Like the OneWorld group, Star Alliance shares data between its member airlines to ensure passengers can enjoy perks and benefits between the partnering airlines. It’s unclear how many passengers from its 26 members were affected, or whether the hack compromised the data of all passengers from all airlines.

The Guardian has claimed that SITA informed Malaysia Airlines, Singapore Airlines, Finnair, and Jeju Air based in South Korea that their passengers had been affected by the breach, alongside the reports of Air New Zealand passengers being hit.

Featured Resources

Preparing for AI-enabled cyber attacks

MIT technology review insights

Download now

Cloud storage performance analysis

Storage performance and value of the IONOS cloud Compute Engine

Download now

The Forrester Wave: Top security analytics platforms

The 11 providers that matter most and how they stack up

Download now

Harness data to reinvent your organisation

Build a data strategy for the next wave of cloud innovation

Download now

Recommended

Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021
ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021

Most Popular

UK gov considers blocking Nvidia's takeover of Arm
Acquisition

UK gov considers blocking Nvidia's takeover of Arm

4 Aug 2021
RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
Preparing for AI-enabled cyber attacks
Whitepaper

Preparing for AI-enabled cyber attacks

22 Jul 2021