SITA (Société Internationale de Télécommunications Aéronautiques), the Swiss IT solutions provider for air transport communications, published an announcement where they admit a data security incident as a result of a successful cyber-attack against their systems. The firm has confirmed that certain passenger data stored on its servers, as well as the passenger processing systems for several airlines, have been compromised by the infiltrators. SITA says this was clearly a very sophisticated attack, although the announcement refrains from giving any details.
SITA places the time of the incident on February 24, 2021, informs the public that all customers and related organizations have already been informed about the potential implications, and provides assurances about acting swiftly to contain the damage. Being a Europe-based entity, SITA will also have to deal with GDPR legislation, so its security incident response team is already working together with external expert infosec investigators to figure out what exactly was compromised.
Among the affected airlines are Malaysia Airlines, Finnair, Singapore Airlines, and Jeju Air. SITA provides passenger ticketing and reservation solutions to several airlines across the globe, so this incident could have widespread consequences. For now, we don’t know who else may have been affected, but on SITA’s website, the firm claims to have 2,800 customers, covering almost every airline and airport in the world. However, not every one of them uses SITA’s Horizon passenger service system, which is what was compromised.
One of them, Singapore Airlines, has announced that about 580,000 of its customers suffered an exposure due to a data leak incident that is apparently related to SITA’s case. Those are members of the KrisFlyer and PPS Club reward programs, and only details relevant to these were exposed. Reportedly, no passports, ticketing information, itineraries, or email addresses were affected by this breach.
Finnair also published a statement to inform its clients to reset their account passwords out of precaution, but this appears to have caused server downtime due to overloading. The airline assured its customers that their Finnair Plus accounts and data are safe.
Malaysia Airlines has also announced that the incident affects their frequent flyer program members, but they clarified that they have no evidence that any account passwords have been compromised. Still, they are as well urging customers to change passwords out of precaution.