British Airways, United Airlines Holdings Inc. and Singapore Airlines Ltd. among cyberattack-influenced carriers, who hit the Star and Oneworld alliances, revealed some loyalty program member information.
SITA Passenger Service System Inc. processing services. hit by a “very robust but limited” breach aimed at personal data stored on servers at its data center in Atlanta, the company confirmed in an email statement. The problem was identified on Feb. 24, and the hackers were able to access the data for less than a month, he said. SITA PSS is a unit of SITA Group, an international group of Geneva-based companies.
The breach could provide information that is often shared around the world, with 26 airlines in the Star Alliance and 13 in Oneworld. SITA continues to contact affected airlines and has refused to specify what data has been compromised. The extent to which each carrier was affected varies, he said. The information collected by SITA PSS was used to award prizes of frequent flight miles and other benefits recognized by the airlines of each federation.
SITA said it had sent “experts immediately” to deal with the breach and that “the matter is still under active investigation.”
Read more: Watchdog warns of weak Cybersecurity in DOD Weapons of Contracts
Open information did not include financial information or passwords of British Airways customers, nor did it violate the carrier’s systems, the airline said in an email. The names of the members of the Governing Club, membership numbers and some of their preferences, such as seats, may have been obtained, he said. The carrier encouraged members to reset their program password.
American Airlines Group Inc. said. and United also disclosed only limited similar data and did not include financial information or passwords that allowed access to individual loyalty accounts. The carriers said their own information systems were not compromised. SITA only had information for United’s main flights, meaning passengers would not be affected in the general program, the airline said.
Singapore Airlines told members of their KrisFlyer loyalty program in an email that about 580,000 of them had been affected and that open data included their plan membership number, rank status and, in part of cases, the name. Those data are all behavioral shares with other Star Alliance members, and credit card information and travel details were not involved, he said. Cathay Pacific Airways told its customers that the system was not involved in the breach and said their accounts remain secure.
Star Alliance said it is collecting minimal data from customers so that airlines can identify key customer members of each group in the group, while Oneworld said the breach did not directly affect their systems. Delta Air Lines Inc., a member of the SkyTeam Federation, said there was “no indication” that its information had been leaked.
The cyberattack was reported earlier by the Business Times.