Passenger Data Indeed Compromised by “Highly Sophisticated” Cyber Attack 2021
…which means that it holds the sensitive data of passengers on its servers, which were compromised by “cyber-criminals” on Wednesday, February 24, 2021 — and the information pertaining to you may be among the breach.
The company — which was founded in February of 1949 and is better known by its acronym of SITA — is currently headquartered in Geneva; but its operations in the United States are located in Atlanta, which is where the data breach occurred.
SITA confirms that it was the victim of a cyber-attack, leading to a data security incident involving certain passenger data that was stored on SITA Passenger Service System (US) Inc. servers. Passenger Service System (US) Inc. (“SITA PSS”) operates passenger processing systems for airlines.
After confirmation of the seriousness of the data security incident on February 24, 2021, SITA took immediate action to contact affected SITA PSS customers and all related organizations.
We recognize that the COVID-19 pandemic has raised concerns about security threats, and, at the same time, cyber-criminals have become more sophisticated and active. This was a highly sophisticated attack.
SITA acted swiftly and initiated targeted containment measures. The matter remains under continued investigation by SITA’s Security Incident Response Team with the support of leading external experts in cyber-security.
If you are the customer of an airline and have a Data Subject Access Request in relation to the handling of your personal data, this request must be made directly to that airline in accordance with GDPR and data protection legislation. SITA is unable to respond directly to any such request.
The data breach may have affected greater than two million members of the frequent flier loyalty programs of at least twelve airlines who have since contacted their customers about the incident — including Air New Zealand, American Airlines, British Airways, Cathay Pacific, Finnair, Japan Airlines, Jeju Air, Lufthansa, Malaysia Airlines, SAS, Singapore Airlines, and United Airlines — and perhaps have affected the members of all airlines of both Star Alliance and the oneworld alliance.
Members of the Delta Air Lines SkyMiles frequent flier loyalty program may have also been affected by the data breach; but that report has been unconfirmed at the time this article was written.
That the full scope and extent of the compromised security incident is still yet to be known at the time this article was written is unacceptable and completely inexcusable. Exactly who did this data breach affect — and how much data was actually compromised?
Companies need to be increasingly more vigilant about protecting the sensitive data of their customers. Ironically, creating difficult hurdles for members of frequent travel loyalty programs to recover expired points seems to be significantly more important than pooling more resources and implementing more effective procedures in protecting the sensitive data of their customers.
…and yet, few measures are in place to rectify the potentially disastrous results which could possibly occur from these data breaches — as though few corporations and government entities are unconcerned about confronting the seriousness of such breaches and attacks.
I am uncertain at this time as to what is the answer — but this trend simply cannot continue unchecked where customers are basically left out in the cold, in my opinion. Class-action lawsuits — through which attorneys line their pockets with plenty of cash and throw the poor consumer a virtually worthless coupon — are not the answer. Corporations simply need to be held significantly more accountable for the actions — or inactions — so that they have an incentive to better protect the sensitive information and data of their customers in the future instead of being perceived as having a cavalier attitude about sensitive data of its customers being compromised…