News

Cyber Attack Likely Compromised Your Frequent Flyer Data

Posted on 2 Comments

a logo of a company

A “highly sophisticated” cyber attack has comprised frequent flyer data for hundreds of thousands of travelers from airline loyalty programs around the world.

Cyber Attack Harvests Frequent Flyer Data

SITA is one of the largest aviation IT companies in the world and purportedly serves over 90% of airlines (though it does not disclose its client list). Airlines utilize SITA’s passenger service system (PSS) to manage several facets of travel including ticketing, frequent flyer programs, and even aircraft departures.

In a rather cryptic statement on its website on Thursday, SITA noted it had been the “victim of a cyberattack” in February, calling it “a highly sophisticated attack.”

After confirmation of the seriousness of the data security incident on February 24, 2021, SITA took immediate action to contact affected SITA PSS customers and all related organizations.

Already, several airlines have informed their members of the data breach, including:

  • Air New Zealand
  • Finnair
  • Jeju Air
  • Malaysia Airlines
  • Singapore Airlines

SITA also works on behalf of all Star Alliance carriers, including Lufthansa and United.

Air New Zealand told its members in an email that the breach focused on frequent flyer date, however was limited to “your name, tier status and membership number.”

“This data breach does not include any member passwords, credit card information or other personal customer data such as itineraries, reservations, ticketing, passport numbers, email addresses or other contact information.”

Singapore Airlines confirmed that 580,000 of its members were compromised. It also added that passwords, reservations, and credit card information were not hacked. While Singapore Airlines is not a direct client of SITA, it explained:

“All Star Alliance member airlines provide a restricted set of frequent flier program data to the alliance, which is then sent on to other member airlines to reside in their respective passenger service systems.

“This data transfer is necessary to enable verification of the membership tier status, and to accord to member airlines’ customers the relevant benefits while traveling.”

CONCLUSION

It is not clear what the hackers were targeting, but it does appear the information gathered was limited to frequent flyer numbers associated with your name. The breach is an important reminder that our data is vulnerable, yet we should still exercise caution in how we safeguard it.

About Author

Matthew Klint

Matthew is an avid traveler who calls Los Angeles home. Each year he travels more than 200,000 miles by air and has visited more than 135 countries. Working both in the aviation industry and as a travel consultant, Matthew has been featured in major media outlets around the world and uses his Live and Let's Fly blog to share the latest news in the airline industry, commentary on frequent flyer programs, and detailed reports of his worldwide travel.

Related Posts

2 Comments

  1. Richard Reply

    Matt, thanks for the factual report you’ve gleaned from media and FFP sources. The breach was outside of Star Alliance systems, as you noted. We carried out an immediate assessment of our systems. There are no indications that they have been affected. As correctly stated by SQ, only a limited subset of data is shared in order to recognize FFP premium flyers across their alliance journey and accord them their benefits. Shame on your graphic, as it was not Star Alliance systems that were hacked. I’m at your disposal for more dialogue.

  2. Jamieo Reply

    I got a warning email from United about this

Leave a Reply to Jamieo Cancel reply

Privacy Policy © Live and Let's Fly All Rights Reserved. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Live and Let's Fly with appropriate and specific directions to the original content.