Airline passenger data from some Star Alliance members has been stolen by hackers targeting one of the industry’s leading technology providers.
Sita has admitted it was the “victim of a cyberattack” affecting passenger data stored on its Passenger Service System (PSS) for airlines.
Hackers are believed to stolen personal data from hundreds of thousands of airline customers, although it appears the data is limited to frequent flyer details rather than passwords and credit card information.
“After confirmation of the seriousness of the data security incident on 24 February 2021, Sita took immediate action to contact affected SITA PSS customers and all related organisations,” said Sita in a statement.
“We recognise that the Covid-19 pandemic has raised concerns about security threats, and, at the same time, cybercriminals have become more sophisticated and active. This was a highly sophisticated attack.”
Air New Zealand said in an email to customers that a Star Alliance partner had been affected by the breach “involving some of our customers’ data as well as that of many other Star Alliance airlines”.
“The Star Alliance member airlines share minimal frequent flyer data between each other and limited third parties to ensure benefits can be used across different carriers, for example access to member lounges," added the carrier.
“Unfortunately, some of your information has been involved in this data breach however, this is limited to your name, tier status and membership number.”
Around 580,000 Singapore Airlines customers have also been affected by the Sita data link, affecting its KrisFlyer and PPS Club reward programmes with information such as membership numbers, tier status and names compromised.
“It is not possible for someone to access any confidential customer data or their miles with only the leaked information,” said the airline.