/>
X

Airlines warn passengers of data breach after aviation tech supplier is hit by cyberattack

Sita, which provides IT of services to 90% of the world's airlines, warns of "data security incident" after falling victim to a "highly sophisticated attack"
danny-palmer
Written by Danny Palmer, Senior Writer on

Global aviation industry IT supplier SITA has confirmed it has fallen victim to a cyberattack, with hackers gaining access to personal information of airline passengers.

The information technology and communications company, which claims to serve around 90% of the world's airlines, said that a cyberattack on February 24, 2021 led to "data security incident" involving passenger data that was stored on SITA Passenger Service System Inc. servers located at Atlanta, Georgia in the United States.

A statement by SITA describes the incident as a "highly sophisticated attack" and said that the company "acted swiftly" to contain the incident, which still remains under investigation by SITA's Security Incident Response Team, alongside external cybersecurity experts.

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)

"We recognize that the COVID-19 pandemic has raised concerns about security threats, and, at the same time, cyber criminals have become more sophisticated and active," said the SITA statement.

Star Alliance airlines including Singapore Airlines, New Zealand Air and Lufthansa have warned passengers about the SITA data breach, while some One World airlines including Malaysia Airlines, Finnair, Japan Airlines and Cathay Pacific have also informed passengers about the cyberattack. South Korean airline JeJu Air has emailed passengers about the incident

While SITA hasn't confirmed the exact nature of the information that has been accessed by hackers, a spokesperson told ZDNet that "it does include some personal data of airline passengers".

Some airlines have detailed what information was accessed in the attack, stating that frequent flyer data – such as name, tier status and membership number – has been stolen. An email sent to customers of New Zealand Air said that the data breach doesn't contain information on passwords, credit card details, passport information or contact addresses.

An exact figure for the number of passengers affected by the breach remains unclear as SITA has yet to publicly comment on the matter, but a report by The Guardianclaims that hundreds of thousands of passengers could have had their information stolen.

MORE ON CYBERSECURITY

Related

Federal courts hit by "significant and sophisticated" cyberattack in 2020
Close-up of a person wearing glasses leaning toward a computer screen. Lines of code reflect on the glasses.

Federal courts hit by "significant and sophisticated" cyberattack in 2020

Cyber Threats
Digital presenteeism is creating a future of work that nobody wants
Eyes of a man  peering over the top of a laptop screen working late into the night with a dark empty office behind him

Digital presenteeism is creating a future of work that nobody wants

Digital Transformation
Oil and gas giant Petrobras readies Latin America's largest supercomputer
supercomputer.jpg

Oil and gas giant Petrobras readies Latin America's largest supercomputer

Computing