SITA, a large data company that works with some of the largest airlines in the world, announced on Thursday that he was the victim of an “extremely sophisticated cyber attack” that compromised information about hundreds of thousands of passengers around the world.
The attack, which took place in February, targets data stored on SITA’s passenger service system servers, which are responsible for storing information related to transactions between carriers and customers. One of the things SITA does is to act as a data exchange mechanism between different airlines – helping to make sure that “Passenger benefits may be used from different carriers” in a systematic way.
Understanding the specific data accessed by hackers is a bit difficult at the moment – although it seems that some of this was information about frequent flights, shared with SITA by members of Star Alliance, the world’s largest airline alliance in the world.
An airline alliance is essentially an industrial consortium, and Star’s membership is made up of some of the world’s most prominent airlines – including United Airlines, Lufthansa, Air Canada and 23 other airlines. Of those members, a number have already taken a step forward to report violations of the attack – and SITA itself would appear to have recognized that the affected parties are connected to the members of the alliance.
A member of the Alliance, Air New Zealand, recently wrote to customers that “some of our customers’ data, as well as that of many other Star Alliance airlines,” was affected by the SITA attack. Similarly, Singapore Airlines recently he told his clients that some of its data was affected by the breach because “Star Alliance member airlines offer a restricted set of frequent flight schedules [sic] data to the alliance, which are then sent to other member airlines to live in their respective passenger service systems. ”
G / O Media may receive a commission
It is unclear whether all Star Alliance members were affected. A representative of SITA said TechCrunch that the violation “affects various airlines around the world, not just the United States,” but declined to name them all. I contacted SITA for comments and we will update if they respond.
So far, it seems that the nature of the violation is wider than deep. That is, many people seem to have been affected, although in most cases the data that has been shared with SITA does not seem so extensive. In the case of Singapore Airlines, for example, over 500,000 people had compromised data, although the data did not include things like members’ itineraries, passwords, or credit card information. The airline stated:
About 580,000 KrisFlyer and PPS members were affected by the SITA PSS server breach. The information involved is limited to membership number and status status and in some cases membership name, as this is the full extent of the frequently circulating data that Singapore Airlines shares with other Star Alliance member airlines for this data transfer. .
So … having a hacker to know how often you fly doesn’t seem so bad, right? However, even if the SITA violation is not so widespread, it is yet another excellent example of what kind of problem is the third parties represent supply chain organizations – and what an attractive target they make for hackers. Due to the complicated ways in which personal data is collected, stored and shared, it is incredibly easy for security officials to miss the weakest link in an industry chain. On the other hand, it can be incredibly easy for a hacker to identify one.