**Update: 03/08/21 @ 10:57 UTC – Additional statements from airlines have been added; details below.**

On Thursday, air transport data giant SITA shared that on February 24th, it was the victim of a cyber-attack, leading to a data security incident involving certain passenger data that was stored on its Horizon passenger service system servers. This platform operates several processing systems for airlines. As a result, several carriers have been notified of the incident.

Passengers are being updated

Skift highlights that many airlines across the continents are affected by the data breach. So far, the carriers that have contacted their customers about the incident include:

  • American Airlines
  • British Airways
  • Cathay Pacific
  • Finnair
  • Japan Airlines
  • Jeju Air
  • Lufthansa
  • Malaysia Airlines
  • New Zealand Air
  • SAS
  • Singapore Airlines
  • United Airlines

Moreover, Skift adds that it appears that the breach has impacted all airline members of Star Alliance and oneworld.

Simple flying contacted several carriers for comment on this data breach. A British Airways spokesperson affirmed to Simple Flying that this is an industry-wide issue and is not a breach of its own systems, and it has not lost any data. An email from the operator to its customers shares that some British Airways Executive Club members' names, membership numbers, and some of their preferences, such as seating, have been impacted.

A statement from the carrier seen by Simple Flying reads as follows:

“This incident is affecting airlines in different ways. SITA’s breach does not involve British Airways’ customers’ financial information or passwords as it does not have access to this data.   This incident was not a breach of British Airways' systems and no information has been lost from our systems. We take the protection of personal data extremely seriously and are asking some Executive Club Members to reset their passwords as a precautionary measure.”

Plane Silhouette New York
There are concerns from airline staff and unions about being overworked amid the ongoing travel requirements. Photo: Getty Images

Important notifications

Meanwhile, according to TechCrunch, Singapore Airlines shared that it was not a client of SITA’s Horizon passenger service system but that approximately half a million frequent flyer members had their “membership number and tier status compromised.” The airline said that the transfer of this type of data is “necessary to enable verification of the membership tier status, and to accord to member airlines’ customers the relevant benefits while traveling.”

United Airlines added that its frequent flyer data stored in the third-party system was impacted, The exposed data solely consist of "first and last name, MileagePlus number, and Star Alliance tier status (Star Gold or Star Silver only)."

United told its passengers the following in an email:

"We have strong cyber security measures in place to protect your personal data, and both United and Star Alliance have reviewed our own systems and found no indications that they have been compromised in connection with this incident. However, out of an abundance of caution, you may want to change your MileagePlus account password, and we recommend that all members do so regularly as a best practice."

American Airlines also confirmed that SITA suffered a data security incident involving a limited amount of AAdvantage loyalty data. It added:

"Importantly, the incident did not result in the compromise of any AAdvantage account passwords or financial information that may be stored in AAdvantage accounts. We have confirmed with SITA certain AAdvantage members’ name, elite status, and AAdvantage number were impacted. We do not believe this data poses a risk to our loyalty members or their AAdvantage miles. As a courtesy, we have notified affected AAdvantage members by email. We are continuing to investigate this incident but American’s systems were not compromised as part of this incident.

Boeing 737 Jet Silhouette
Photo: Getty Images

Across the globe

Air New Zealand Chief Customer and Sales Officer Leanne Geraghty said in a statement sent to Simple Flying that a Star Alliance partner has been impacted by a security data breach, involving some of its passengers' data. The executive said member airlines share minimal frequent flyer data to ensure advantages can be utilized across different carriers, for instance, access to member lounges.

Geraghty shared the following in the statement:

Star Alliance The information affected is limited to name, tier status and membership number. This is the full extent of frequent flyer data Air New Zealand shares with other Star Alliance member airlines. This data breach does not include any member passwords, credit card information or other customer data such as itineraries, reservations, ticketing, passport numbers, email addresses or other contact information."

The airline added that only a small subset of Airpoints customers have been affected and they have been contacted directly by the carrier. Air New Zealand assures its customers that it is working with Star Alliance to ensure stronger systems are in place to prevent something similar from happening in the future.

Additional words

The breached data cannot be used to access Finnair Plus services. Accessing Finnair Plus service always requires a password, and we do not share password data among airlines.

A Finnair spokesperson also told the airline does not use the service provider in question, but it shares frequent flyer information with its partner airlines that use this third-party service. Frequent flyer information is shared among airlines to ensure that the carrier can serve its members and to allow customers to accrue and use their frequent flyer points. For the avoidance of any doubt, this data incident is not the result of any breach in Finnair IT systems.

Based on its analysis, the nature of the breached data, and the information it has received from SITA, Finnair believes that the risk of this data being misused in other contexts is relatively low. It has not detected any unusual activity on Finnair Plus accounts.

A SITA spokesperson told Simple Flying that investigations indicate that the total period during which the cyber-attacker(s) were able to access some of its systems was less than one month.

Silhouette landing heathrow
Investigations are ongoing. Photo: Getty Images

The group adds that by global and industry standards, it identified this cyber-attack extremely quickly and acted accordingly. Its investigations are ongoing, but the group is confident that it has responded thoroughly.

Better to be safe

Overall, the extent of the damage across all airlines is yet to be determined. However, the shared statements generally convey that the breach excluded highly sensitive information such as passwords, card information, passports.

Simple Flying reached out to several airlines regarding this data breach. We will update the article with any further updates from the carriers.

Altogether, what are your thoughts about these data breaches? What do you make of the overall issues occurring? Let us know what you think of the situation in the comment section.