Airline IT provider SITA – which provides technology services to 90 percent of the global aviation industry – has reported it has experienced a “serious” and “highly sophisticated” data breach on Feb. 24.
In a statement issued on March 4, Swiss-based SITA reported the incident involved passenger data stored on SITA Passenger Service Systems (PSS) servers hosted by its American subsidiary in Atlanta, Georgia. SITA further stated it has notified its customers and related organizations following the breach, and customers who may be affected have been advised to contact the airlines directly in accordance with GDPR and data protection legislation.
SITA handles online services for major global airlines including reservations, ticketing, managing departure times, and administration of rewards and frequent flyer programs.
Based in Geneva, Switzerland, SITA has more than 2,500 customers in over 200 countries and territories. The breach has reportedly affected Star Alliance and Oneworld member airlines.
Airlines that have confirmed the breach involving their frequent flyer programs and sent notifications to customers include United, American Airlines, Lufthansa, Cathay Pacific, Singapore Airlines, Air New Zealand, Malaysia Airlines, Finnair and Jeju Air.
In Japan, All Nippon Airways (ANA) and Japan Airlines (JAL) reported the data breach may have affected around 1 million and 920,000 customers respectively.
According to ANA, the Tokyo-based airline shares frequent flyer membership data with other Star Alliance members through SITA's servers. ANA further stated the affected customers are ANA Mileage Club premium members, and the data involved include names, membership numbers, and membership status. However, passwords and credit cards were not part of the leak.