Global Airline Passenger Data Breach Exposes Frequent Flyer Information
A sophisticated cyberattack on Sita, a Geneva-based IT provider serving approximately 90% of the global aviation industry, has compromised the personal data of hundreds of thousands of airline passengers worldwide. The breach, detected on 24 February, targeted Sita’s passenger service system (PSS) servers, which handle ticketing, baggage processing, and other critical operations for major airlines.
Sita, which supports the Star Alliance—including carriers like Singapore Airlines, Lufthansa, United, Air New Zealand, Cathay Pacific, and Malaysia Airlines—confirmed the incident in a statement, describing it as a "highly sophisticated attack." The company acted swiftly to contain the breach and launched an investigation with external cybersecurity experts.
Affected airlines were notified, with Air New Zealand informing passengers via email that the breach exposed frequent flyer data, including names, membership numbers, and tier status. However, the compromised data did not include passwords, credit card details, passport numbers, or travel itineraries.
The breach highlights vulnerabilities in shared aviation IT infrastructure, as Star Alliance members routinely exchange passenger data to facilitate loyalty program benefits. Sita’s U.S.-based subsidiary, SITA Passenger Service System (US) Inc, operates the affected servers in Atlanta, though the company’s headquarters remain in Switzerland. Investigations into the attack remain ongoing.
SITA cybersecurity rating report: https://www.rankiteo.com/company/sita
Civil Aviation Authority of Singapore cybersecurity rating report: https://www.rankiteo.com/company/civil-aviation-authority-of-singapore
"id": "SITCIV1768166633",
"linkid": "sita, civil-aviation-authority-of-singapore",
"type": "Breach",
"date": "3/2021",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Hundreds of thousands of '
'airline passengers',
'industry': 'Aviation',
'location': 'Geneva, Switzerland',
'name': 'SITA',
'type': 'IT Systems Operator'},
{'customers_affected': 'Passengers',
'industry': 'Aviation',
'location': 'Malaysia',
'name': 'Malaysia Airlines',
'type': 'Airline'},
{'customers_affected': 'Passengers',
'industry': 'Aviation',
'location': 'Singapore',
'name': 'Singapore Airlines',
'type': 'Airline'},
{'customers_affected': 'Passengers',
'industry': 'Aviation',
'location': 'Germany',
'name': 'Lufthansa',
'type': 'Airline'},
{'customers_affected': 'Passengers',
'industry': 'Aviation',
'location': 'United States',
'name': 'United Airlines',
'type': 'Airline'},
{'customers_affected': 'Passengers',
'industry': 'Aviation',
'location': 'Finland',
'name': 'Finnair',
'type': 'Airline'},
{'customers_affected': 'Passengers',
'industry': 'Aviation',
'location': 'South Korea',
'name': 'Jeju Air',
'type': 'Airline'},
{'customers_affected': 'Passengers',
'industry': 'Aviation',
'location': 'Hong Kong',
'name': 'Cathay Pacific',
'type': 'Airline'},
{'customers_affected': 'Passengers',
'industry': 'Aviation',
'location': 'New Zealand',
'name': 'Air New Zealand',
'type': 'Airline'},
{'customers_affected': 'Passengers',
'industry': 'Aviation',
'location': 'China',
'name': 'Air China',
'type': 'Airline'},
{'customers_affected': 'Passengers',
'industry': 'Aviation',
'location': 'Switzerland',
'name': 'Swiss International Air Lines',
'type': 'Airline'},
{'customers_affected': 'Passengers',
'industry': 'Aviation',
'location': 'Canada',
'name': 'Air Canada',
'type': 'Airline'}],
'customer_advisories': 'Emails sent to affected passengers explaining the '
'breach and data compromised',
'data_breach': {'number_of_records_exposed': 'Hundreds of thousands',
'personally_identifiable_information': 'Name, tier status, '
'membership number',
'sensitivity_of_data': 'Low to medium (name, tier status, '
'membership number)',
'type_of_data_compromised': 'Frequent flyer data'},
'date_detected': '2021-02-24',
'date_publicly_disclosed': '2021-03-04',
'description': 'Data on hundreds of thousands of airline passengers around '
'the world was hacked via a highly sophisticated attack on the '
'IT systems operator SITA, which serves around 90% of the '
'global aviation industry. The breach affected passenger data '
"held on SITA's servers.",
'impact': {'data_compromised': 'Passenger data including name, tier status, '
'and membership number',
'payment_information_risk': 'None (credit card information not '
'compromised)',
'systems_affected': 'Passenger Service System (PSS) servers'},
'investigation_status': 'Ongoing',
'references': [{'source': 'Financial Times'}],
'response': {'communication_strategy': 'Contacted affected customers and '
'related organizations',
'containment_measures': 'Targeted containment measures initiated',
'incident_response_plan_activated': 'Yes',
'third_party_assistance': 'Leading external experts in '
'cyber-security'},
'title': 'SITA Passenger Service System Cyber Attack',
'type': 'Data Breach'}