SITA Announces Data Security Incident Affecting Several Airlines

• SITA has had a data breach on its ticket service product ‘Horizon,’ affecting numerous airlines.
• Already, Finnair, Singapore Airlines, Jeju Air, and also Malaysia Airlines have admitted a problem.
• SITA hasn’t provided many details but stated that the actors who targeted them were very sophisticated.

SITA (Société Internationale de Télécommunications Aéronautiques), the Swiss IT solutions provider for air transport communications, published an announcement where they admit a data security incident as a result of a successful cyber-attack against their systems. The firm has confirmed that certain passenger data stored on its servers, as well as the passenger processing systems for several airlines, have been compromised by the infiltrators. SITA says this was clearly a very sophisticated attack, although the announcement refrains from giving any details.

SITA places the time of the incident on February 24, 2021, informs the public that all customers and related organizations have already been informed about the potential implications, and provides assurances about acting swiftly to contain the damage. Being a Europe-based entity, SITA will also have to deal with GDPR legislation, so its security incident response team is already working together with external expert infosec investigators to figure out what exactly was compromised.

Among the affected airlines are Malaysia Airlines, Finnair, Singapore Airlines, and Jeju Air. SITA provides passenger ticketing and reservation solutions to several airlines across the globe, so this incident could have widespread consequences. For now, we don’t know who else may have been affected, but on SITA’s website, the firm claims to have 2,800 customers, covering almost every airline and airport in the world. However, not every one of them uses SITA’s Horizon passenger service system, which is what was compromised.

One of them, Singapore Airlines, has announced that about 580,000 of its customers suffered an exposure due to a data leak incident that is apparently related to SITA’s case. Those are members of the KrisFlyer and PPS Club reward programs, and only details relevant to these were exposed. Reportedly, no passports, ticketing information, itineraries, or email addresses were affected by this breach.

Many people have changed their Finnair Plus password after we told about a data breach. Our servers have occasionally been busy because of this. Password change is a precautionary measure and it's not urgent. The breached data cannot be used to access your Finnair Plus account.

— Finnair (@Finnair) March 4, 2021

Finnair also published a statement to inform its clients to reset their account passwords out of precaution, but this appears to have caused server downtime due to overloading. The airline assured its customers that their Finnair Plus accounts and data are safe.

Thank you for getting back to us, @juanajaafar. Kindly note that Malaysia Airlines has no evidence that the incident affected any account passwords. We nevertheless encourage members to change their passwords as a precautionary measure. -JJ

— Malaysia Airlines (@MAS) March 1, 2021

Malaysia Airlines has also announced that the incident affects their frequent flyer program members, but they clarified that they have no evidence that any account passwords have been compromised. Still, they are as well urging customers to change passwords out of precaution.