Just a few days after Malaysia Airlines revealed a data security incident, Singapore Airlines (SIA) is also facing a data breach of its own. According to the airline, the data security breach involved SITA’s Passenger Service Systems’ (PSS) servers which contained frequent flyer programme data.
In their email, SIA clarified that they are not a customer of SITA PSS but another Star Alliance member airline is. It added that all 26 members of the alliance are required to provide a restricted set of frequent flyer programme data which is then shared to other airlines to reside in their respective passenger service systems. This data is used to verify a passenger’s membership tier status in order to provide the relevant benefits for the frequent flyer passenger.
The airline said that the breach at SITA PSS server had affected some of the Star Alliance members and it involved some data of KrisFlyer members. Some of the possible exposed information may include membership number, tier status and membership name. Other crucial data which include KrisFlyer membership passwords, credit card information, itineraries, reservations, ticketing, passport numbers and email addresses are not affected as SIA does not share such information with other Star Alliance member airlines.
If you’re a KrisFlyer member, you should received an email notification which will let you know if your data is affected. SIA has also assured that none of their IT systems have been affected by the incident.
As reported by Channel News Asia (CNA), about 580,000 KrisFlyer and PPS members are affected by the breach. SITA, the airline-centric IT company has also confirmed that it became a victim of a cyberattack. The incident took place on 24th February and they had taken immediate action to contact the affected SITA PSS customers.
According to a statement shared to CNA, “We recognise that the COVID-19 pandemic has raised concerns about security threats, and, at the same time, cyber-criminals have become more sophisticated and active. This was a highly sophisticated attack.” SITA is still investigating the security incident with support from “leading external experts in cybersecurity”.