A data breach involving a third-party system provider behind the airline Star Alliance has exposed some information about hundreds of thousands of airline passengers, potentially including customer names and MileagePlus numbers. The leaked information will not allow unauthorized individuals to access passengers’ accounts, however.
The data breach was confirmed by Sita, which said that there was an ‘data security incident’ involving the servers of the SITA Passenger Service System, which operates the processing systems for Star Alliance airlines like United. Sita alerted Star Alliance airlines, who have since warned their customers about the data incident.
SITA describes the data breach as “a highly sophisticated attack”, noting that it “took immediate action” after learning about the February 24 incident. The company’s Security Incident Response Team is working with third-party industry experts to investigate the matter.
In his statement, Sita said:
We recognize that the COVID-19 pandemic has raised concerns about security threats, and, at the same time, cyber-criminals have become more sophisticated and active. This was a highly sophisticated attack. SITA acted swiftly and initiated targeted containment measures.
United, one of the Star Alliance airlines, alerted its customers to the matter by e-mail, noting that passwords and personal information – in addition to customer names – have not been exposed. As part of its email, United explained:
We have strong cyber security measures in place to protect your personal data, and both United and Star Alliance have reviewed our own systems and found no indications that they have been compromised in connection with this incident.