It’s unclear whether all of the Star Alliance members have been affected. A SITA representative told TechCrunch that the breach “affects various airlines around the world, not just in the United States,” but declined to name all of them. We have reached out to SITA for comment and will update if they reply.
So far, it would appear that the nature of the breach is more wide than deep. That is, a lot of people seem to have been affected, though in most cases the data that was being shared with SITA does not seem that extensive. In the case of Singapore Airlines, for instance, upwards of 500,000 people had their data compromised, though the data did not include things like member itineraries, passwords, or credit card information. The airline has stated:
Around 580,000 KrisFlyer and PPS members have been affected by the breach of the SITA PSS servers. The information involved is limited to the membership number and tier status and, in some cases, membership name, as this is the full extent of the frequent flyer data that Singapore Airlines shares with other Star Alliance member airlines for this data transfer.
So…having a hacker know how often you fly doesn’t really seem that bad, right? However, even if the SITA breach isn’t that extensive, it’s yet another great example of what kind of problem third parties pose for organizations within a supply chain—and what an appealing target they make for hackers. Because of the convoluted ways in which personal data is collected, stored, and shared, it’s incredibly easy for security officials to miss the weakest link in an industry’s chain. On the other hand, it can be incredibly easy for a hacker to spot one.
Subscribe to the newsletter news
We hate SPAM and promise to keep your email address safe