SITA, a large data company that works with some of the largest airlines in the world, announced Thursday who had been the victim of a “highly sophisticated cyberattack,” compromising the information of hundreds of thousands of air passengers around the world.
The attack, which took place in February, targeted data stored on SITA’s passenger service system servers, which are responsible for storing information related to transactions between operators and customers. One of the things SITA does is act as a data exchange mechanism between different airlines, helping it. ensure that the “benefits of passengers can be used in different transport operators” in a systematic way.
Understanding what specific data hackers accessed is a bit difficult at the moment, although it would seem that part of it was more frequent information than members of Star Alliance, the world’s largest airline alliance. , shared with SITA.
An airline alliance is basically an industry consortium and Star’s composition is made up of some of the world’s leading airlines, including United Airlines, Lufthansa, Air Canada and 23 more. Of these members, a number has already been advanced to announce breaches in connection with the attack, and the same SITA would appear to have recognized that the affected parties are connected to members of the alliance.
An Alliance member, Air New Zealand, recently wrote to customers that “some of our customers’ data, as well as that of many other Star Alliance airlines,” had been affected by the SITA attack. Similarly, Singapore Airlines recently they told their customers that some of its data had been affected by the gap because “Star Alliance member airlines offer a restricted set of frequent flyer programs [sic] data to the alliance, which are then sent to other member airlines to reside in their respective passenger service systems ”.
G / O Media may receive a commission
It is unclear whether all Star Alliance members have been affected. A SITA representative said TechCrunch that the gap “affects several airlines around the world, not just the United States,” but refused to name them all. We have contacted SITA for feedback and will update if they respond.
So far, it seems that the nature of the gap is wider than deep. That is, it seems that many people have been affected, although in most cases the data that was being shared with SITA does not seem so extensive. In the case of Singapore Airlines, for example, more than 500,000 people were committed to their data, even though the data did not include items such as member itineraries, passwords, or credit card information. The airline he stated:
About 580,000 members of KrisFlyer and PPS have been affected by the breach of SITA PSS servers. The information involved is limited to membership number and level status and, in some cases, membership name, as it is the full extension of frequent flyer data that Singapore Airlines shares with other Star airlines Alliance for this data transfer.
So … letting a hacker know how often he flies doesn’t really seem that bad, does it? However, even if SITA’s non-compliance is not so extensive, it is another great example of what kind of problem the third one is. the parties pose for organizations in a supply chain, and what an attractive goal it is for hackers. Because of the complicated ways in which personal data is collected, stored and shared, it is incredibly easy for security officials to lose the weakest link in an industry chain. On the other hand, it can be incredibly easy for a hacker to spot one.