Outspread SITA Security Breach Exposes More Airlines

After SITA issued an official statement last Thursday confirming it had been the subject of a sophisticated cyberattack, more airlines confirmed they have been directly affected. It appears the SITA security breach affected all carrier members of Star Alliance and the One World alliance.

Among the companies that have independently disclosed the impact of the breach are Singapore Airlines, Air New Zealand, British Airways, American Airlines, Lufthansa, Malaysia Airlines, Finnair, Japan Airlines, United Airlines, SAS, Cathay Pacific, and South Korean airline Juju Air.

Singapore Airlines, British Airways, and Finnair stated that no financial details or passwords have been accessed by the attackers. In most cases, it appears the breach targeted frequent flyer membership number, tier status, and membership names. However, in the case of British Airways, some stolen data sets reportedly had a name attached to the frequent flyer number. The only way those accounts could be hacked is if the passenger’s name appears on another hacked ID list from a different company, and the password leaked in that breach was the same as his British Airways password. It may sound unlikely, but it’s definitely not impossible.

On the evening of March 5^th, people noticed they couldn’t log into their BA accounts. They were obstructed from logging in using their membership number, and only email addresses were being accepted. Some of them couldn’t use their email address either but found that their username, which BA tried to eliminate a few years ago, was working. Some users appeared to have specific difficulties resetting their passwords using Chrome.

Your perimeter network is vulnerable to sophisticated attacks.

Heimdal™ Threat Prevention
– Network

Is the next-generation network protection and response
solution that will keep your systems safe.

• No need to deploy it on your endpoints;
• Protects any entry point into the organization, including BYODs;
• Stops even hidden threats using AI and your network traffic log;
• Complete DNS, HTTP and HTTPs protection, HIPS and HIDS;

When asked what information is stored on its Horizon PSS, SITA replied:

At minimum, passenger systems will include a passenger’s name, itinerary and some form of contact information in order to facilitate making a travel reservation. There may be additional information as required by governments to enable travel or as optionally provided by passengers to express their preferences and entitlements.

Singapore Airlines, Finnair, and British Airways have all made it clear that the breach did not harm their internal systems.

It is still unclear when exactly the breach started but SITA confirmed the gravity of the attack on February 24th. They immediately informed affected PSS customers and related organizations about the attack.
The global air transport giant had nothing more to disclose at this stage except that it will act swiftly to try and contain the threat and that incident responders and third-party specialists are constantly monitoring the situation.