What is Hackers Just Looted Passenger Data From Some

By | March 25, 2021

SITA, a data company that works with some of the world’s largest airlines, announced on Thursday that it had fallen victim to a “highly sophisticated cyber-attack”, the likes of which tied up with hundreds of thousands of airline passengers worldwide.

The attack, which took place in February, targets data stored on SITA’s passenger service system servers, which are responsible for storing transactions-related information between carriers and customers. One of the things SITA does is act as a mechanism for data exchange between different airlines – helping to ensure that the passenger “benefits can be used across different carriers” in an orderly fashion.

Understand what specific data the hackers accessed, at this point, a bit daunting – although it appears that some of it is consistently shared by members of the world’s largest global airline alliance, Star Alliance, with SITA Gone was the information.

An airline alliance is basically an industry association, and Star’s membership includes some of the world’s most prominent airlines – United Airlines, Lufthansa, Air Canada and 23 others. Of those members, a number have already gone on to declare violations in relation to the attack – and the SITA itself acknowledges that the affected parties are associated with coalition membership.

Air New Zealand, a member of the Alliance, recently wrote to customers that “some of our customers’ data as well as that of many other Star Alliance airlines” have also been affected by the SITA attack. Similarly, Singapore Airlines recently told its customers that some of its data has been affected by the breech because “Star Alliance members provide a frequent flyer program [sic] restricted set of data for the Airlines alliance, which later Are sent to other member airlines. Residing in their respective passenger service systems. ”

It is not clear whether all Star Alliance members have been affected. A representative from SITA told TechCrunch that the breech “not only affects various airlines around the world in the United States,” but declined to name them all. We have reached out to SITA for comment and will update if they respond.

So far, it appears that the nature of the breach is wider than deep. That is, a lot of people have been affected, although in most cases the data being shared with SITA is not as comprehensive. For example, in the case of Singapore Airlines, more than 500,000 people had their data compromised, although the data did not include things like member itineraries, passwords, or credit card information. The airline said:

About 580,000 KrisFlyer and PPS members have been affected by the SITA PSS server breach. The information involved is limited to membership number and tier status, and in some cases, membership name, as it is the full extent of frequent flyer data that Singapore Airlines shares with other Star Alliance member airlines for this data transfer.

So … a hacker knows how often you fly, it doesn’t really sound bad, does it? However, even if the SITA breach is not that widespread, it is yet another great example of what problems third parties have for organizations within the supply chain – and how attractive they target for hackers. . Due to the complex ways personal data is collected, stored and shared, it is incredibly easy for security officers to remember the weakest link in an industry chain. On the other hand, it can be incredibly easy for a hacker to see a single location.

Leave a Reply

Your email address will not be published.