Airlines, which are already struggling to survive amidst the Covid-19 pandemic, face a new threat from a far-reaching cyberattack that took advantage of a vendor used by over the vast majority of airlines worldwide: SITA. This attack was directed against SITA’s US based servers, and a company spokeswoman, Edna Ayme-Yahil, declined to reveal how many individual’s information was affected by the attack. These servers are known to host the SITA’s SITA Passenger Services System, which processes passenger data and feeds it to the airlines.
While the servers were located in the United States, SITA is headquartered in the EU, and it remains unclear what the geographic scope of the data potentially affected by the attack is. Ms. Ayme-Yahil noted that each affected airline, which includes members of the Star Alliance, have been provided the information necessary to understand the breadth of the information involved in the attack. Two members of the Star Alliance, Malaysia Air and Singapore Airlines, have alerted their customers to the data breach. From their press releases, the data involved appears to be related to the airline’s membership program, such as membership status or member name, and does not currently appear to include financial information.