SITA, one of the world’s largest air transport communications and IT vendors, has released a statement confirming that it was the victim of a cyberattack which led to passenger data stored on its servers being compromised.
The incident took place on February 24, 2021, and the company immediately contacted the affected customers. The incident has had a knock-on effect for Singapore Airlines as the breach of the SITA PSS server has affected the data of some of its KrisFlyer and PPS members.
“We recognise that the COVID-19 pandemic has raised concerns about security threats and, at the same time, cybercriminals have become more sophisticated and active. This was a highly sophisticated attack,” said a SITA spokesperson.
“SITA acted swiftly and initiated targeted containment measures,” they continued. “The matter remains under continued investigation by SITA’s Security Incident Response Team with the support of leading external experts in cybersecurity.
“If you are the customer of an airline and have a Data Subject Access Request in relation to the handling of your personal data, this request must be made directly to that airline in accordance with GDPR and data protection legislation. SITA is unable to respond directly to any such request.”
Boris Cipot, Senior Security Engineer at Synopsys, commented on the attack: “The most concerning aspect of this data breach is the broad scope of the attack. In this case, the breach did not happen as a direct attack on Singapore Airlines, but as a breach to its IT provider. A lesson which organisations can take away from this scenario is to create security rules and procedures, not only for internal stakeholders but also for their partners in the supply chain. This means taking the software and service provider processes into consideration when discussing a partnership and defining what security measures will be implemented.”