Singapore Air’s frequent flyer data hacked
>>SINGAPORE: The information of some 580,000 members of Singapore Airlines Ltd’s frequent flyer programme were compromised by a cyberattack on servers of an associated technology provider, the Business Times reported.
Servers of air transport information technology company SITA were breached on Feb 24, according to the newspaper. The company operates passenger processing systems for airlines and Singapore Air’s Krisflyer and Priority Passenger Service data was affected through its membership in the Star Alliance, the report said. The information in the data breach is limited to membership numbers, tier statuses and names in some cases.
The airline told the newspaper that none of its own information technology systems have been affected, and it is reaching out to all KrisFlyer and Priority Passenger Service members to inform them about the incident. SITA has contacted affected customers and all related organisations, the report said. British Airways and United Airlines Holdings Inc were among carriers affected by a cyberattack that hit the Star and Oneworld alliances, exposing some loyalty-programme member information.
SITA Passenger Service System Inc’s processing services were hit by a “highly sophisticated but limited” breach that targeted personal data stored on servers at its data centre in Atlanta, the company said. The problem was identified on Feb 24, and the hackers were able to access the data for less than a month, it said. SITA PSS is a unit of SITA Group, a closely held international group of companies based in Geneva.
The breach potentially exposes information belonging to frequent flyers worldwide, with 26 member airlines in the Star Alliance and 13 in Oneworld. SITA is still notifying affected airlines and declined to specify what data was compromised. The extent to which each carrier was affected varies, it said. The information collected by SITA PSS was used to facilitate awards of frequent flyer miles and other privileges recognized by each alliance’s member airlines. SITA said it “immediately mobilised” experts to address the breach and that “the matter remains under active investigation.”
Exposed information didn’t include financial information or passwords of British Airways customers, and wasn’t a breach of the carrier’s systems, the airline said by email. Executive Club members’ names, membership numbers and some of their preferences, such as seating, may have been accessed, it said. The carrier encouraged members to reset their programme password.
American Airlines Group Inc and United also said that only similar limited data was disclosed and didn’t include financial information or passwords that would allow access to individual loyalty accounts. The carriers said their own information systems weren’t compromised. SITA only had information for United’s premium frequent flyers, meaning that passengers in the general program wouldn’t have been affected, the airline said.
Singapore Airlines told members of its KrisFlyer loyalty programme that about 580,000 of them were affected and that exposed data included their plan membership number, tier status and, in some cases, their name. That data is all the carrier shares with other Star Alliance members, and credit card information and travel details weren’t involved, it said. Cathay Pacific Airways told its customers that the breach didn’t involve its systems and said their accounts remain secure.
Star Alliance said it collects minimal data from customers so that member airlines can recognise premium customers of each carrier in the group, while Oneworld said the breach didn’t directly affect its systems. Delta Air Lines Inc, a member of the SkyTeam Alliance, said there was “no indication” its information was exposed. The cyberattack was reported earlier by the