A major aviation IT company has been breached in what appears to be a coordinated supply chain attack affecting multiple airlines and hundreds of thousands of passengers.
SITA provides IT and telecoms services to around 400 members in the industry, claiming to serve around 90% of the global airline business.
It revealed yesterday that attackers had compromised passenger data stored on its SITA Passenger Service System servers in the US. It said these servers operate passenger processing systems for airline clients.
“After confirmation of the seriousness of the data security incident on February 24 2021, SITA took immediate action to contact affected SITA PSS customers and all related organizations,” it continued.
“We recognize that the COVID-19 pandemic has raised concerns about security threats, and, at the same time, cyber-criminals have become more sophisticated and active. This was a highly sophisticated attack.”
The company had little else to disclose at this stage except that it acted swiftly to try and contain the threat and that incident responders and third-party experts are continuing to monitor the situation.
It’s believed that the attack was responsible for the Malaysia Airlines breach which compromised its Enrich frequent flyer data between 2010 and 2019.
Singapore Airlines also released a statement this week to the same effect. Although the airline said it is not a customer of SITA, the attackers managed to compromise its KrisFlyer and PPS members’ data via a fellow Star Alliance member.
“Around 580,000 KrisFlyer and PPS members have been affected by the breach of the SITA PSS servers,” it noted in a statement.
“The information involved is limited to the membership number and tier status and, in some cases, membership name, as this is the full extent of the frequent flyer data that Singapore Airlines shares with other Star Alliance member airlines for this data transfer.”
Other airlines affected by the SITA breach included Finnair, which said 200,000 frequent flyers were impacted.
Ran Nahmias, co-founder of Cyberpion, argued the attacks highlight the risks involved in modern IT supply chains.
“When you consider the need to monitor the potential risks across a vast ecosystem that includes vector-associated DNS management, cloud providers, web properties, encryption, certificates and mobile infrastructures, the modern IT organization is not prepared to monitor, let alone manage, that risk,” he said.
“This is an environment where hackers and malicious actors thrive. When there is a lack of clearly defined oversight and management processes, hackers are able to operate freely and inflict significantly more damage.”