Outspread SITA Security Breach Exposes More Airlines [Updated]
Over 2 Million Frequent Flyers Across Airline Alliances Have Been Affected.
After SITA issued an official statement last Thursday confirming it had been the subject of a sophisticated cyberattack, more airlines confirmed they have been directly affected. It appears the SITA security breach affected all carrier members of Star Alliance and the One World alliance.
Among the companies that have independently disclosed the impact of the breach are Singapore Airlines, Air New Zealand, British Airways, American Airlines, Lufthansa, Malaysia Airlines, Finnair, Japan Airlines, United Airlines, SAS, Cathay Pacific, South Korean airline Jeju Air, and Romanian airline TAROM.
Singapore Airlines, British Airways, and Finnair stated that no financial details or passwords have been accessed by the attackers. In most cases, it appears the breach targeted frequent flyer membership numbers, tier status, and membership names. However, in the case of British Airways, some stolen data sets reportedly had a name attached to the frequent flyer number. Those accounts could only be compromised if the passenger’s name also appears on another hacked ID list from a different company and the password leaked in that breach is the same as their British Airways password. It may sound unlikely, but it’s definitely not impossible.
On the evening of March 5th, people noticed they couldn’t log into their BA accounts. They were blocked from logging in with their membership number, and only email addresses were being accepted. Some of them couldn’t use their email address either but found that their username, which BA tried to eliminate a few years ago, was working. Some users appeared to have specific difficulties resetting their passwords using Chrome.
On April 29th, Romanian national carrier TAROM confirmed it has been a victim of the SITA security breach. The airline has contacted its customers about the incident via email, mentioning that certain passenger data stored on the SITA Passenger Service System, including names, addresses, nationality, passport numbers, gender, birth dates, and frequent flyer numbers, has been exposed.
The company gave assurances that the matter is under continued investigation by SITA’s Security Incident Response Team and external cybersecurity experts.
When asked what information is stored on its Horizon PSS, SITA replied:
At minimum, passenger systems will include a passenger’s name, itinerary and some form of contact information in order to facilitate making a travel reservation. There may be additional information as required by governments to enable travel or as optionally provided by passengers to express their preferences and entitlements.
Singapore Airlines, Finnair, and British Airways have all made it clear that the breach did not harm their internal systems.
It is still unclear when exactly the breach started, but SITA confirmed the gravity of the attack on February 24th. It immediately informed affected PSS customers and related organizations about the attack.
The global air transport giant had nothing more to disclose at this stage except that it will act swiftly to try and contain the threat and that incident responders and third-party specialists are constantly monitoring the situation.
Among the lessons learned from the SITA incident is that a fundamental change in how the industry approaches security is of paramount importance when it comes to protecting today’s complex infrastructure. Although the data breach occurred within a vendor’s systems, it’s the airlines’ responsibility to ensure the privacy of their customers’ data. In short, it’s critically important that both vendors and companies collaborate and build a sound security ecosystem.
I received the email from TAROM on June 20th and now I find out this is 2 months old news.