London — British Airways, United Airlines Holdings and Singapore Airlines were among carriers affected by a cyberattack that hit the Star and Oneworld alliances, exposing some loyalty programme member information.

Sita Passenger Service System’s (PSS’s) processing services were hit by a “highly sophisticated but limited” breach that targeted personal data stored on servers at its data centre in Atlanta, the company confirmed in a statement. The problem was identified on February 24, and the hackers were able to access the data for less than a month, it said. Sita PSS is a unit of Sita Group, a closely held international group of companies based in Geneva.

The breach potentially exposes information belonging to frequent flyers worldwide, with 26 member airlines in the Star Alliance and 13 in Oneworld. Sita is still notifying affected airlines and declined to specify what data was compromised. The extent to which each carrier was affected varies, it said. The information collected by Sita PSS was used to facilitate awards of frequent flyer miles and other privileges recognised by each alliance’s member airlines.

Sita said it “immediately mobilised” experts to address the breach and that “the matter remains under active investigation”.

Exposed information did not include financial information or passwords of British Airways customers, and was not a breach of the carrier’s systems, the airline said. Executive Club members’ names, membership numbers and some of their preferences, such as seating, may have been accessed, it said. The carrier encouraged members to reset their programme password.

United does not see an immediate risk for its MileagePlus members because anyone trying to access miles would need passwords to access individual accounts, a spokesperson for the Chicago-based company said. Sita only had information for United’s premium frequent flyers, meaning passengers in the general programme would have been unaffected. United and the Star Alliance have found no indications their systems were compromised, the carrier said.

Singapore Airlines told members of its KrisFlyer loyalty programme that about 580,000 of them were affected and that exposed data included their plan membership number, tier status and, in some cases, their name. That data is all the carrier shares with other Star Alliance members, and credit card information and travel details were not involved, it said. Cathay Pacific Airways told its customers the breach did not involve its systems and said their accounts remain secure.

Oneworld and member American Airlines Group did not immediately comment on the breach.

The cyberattack was reported earlier by the Business Times.

Bloomberg