SITA, an information technology company that provides airline passenger service systems, has confirmed it was victim of a cyberattack last month. The firm – which provides IT systems for around 90 percent of the global aviation industry – said that the US servers of its Passenger Service System were attacked on Feb. 24.
The SITA PSS system operates passenger processing systems for Star Alliance, members of which include Lufthansa, Singapore Airlines and United Airlines.
In a statement SITA called the attack “highly sophisticated” and said, “SITA acted swiftly and initiated targeted containment measures. The matter remains under continued investigation by SITA’s Security Incident Response Team with the support of leading external experts in cyber security.
“If you are the customer of an airline and have a Data Subject Access Request in relation to the handling of your personal data, this request must be made directly to that airline in accordance with GDPR and data protection legislation. SITA is unable to respond directly to any such request.”
In response to the news, United and American Airlines said no passwords, financial information or other sensitive data was accessed, but that a “limited amount” of data, such as names, loyalty program numbers and tier status may have been exposed. Nevertheless, United advised customers to change to change their MileagePlus passwords “out of an abundance of caution.”
A spokesperson for Delta Air Lines said there has been no indication that the carrier had been the subject of any exposure to the attack.
The news follows last week’s admission by Malaysia Airlines that the airline had been the subject of a nine-year data security breach of its Enrich frequent flier program.