Threatpost reported last week that a major airline service provider SITA, which provides IT services and communications for about 90% of global airlines, was attacked and data breached.
SITA was quoted as saying what was carried out was a “highly sophisticated attack.” Threatpost noted that “The affected servers are in Atlanta and belong to the SITA Passenger Service System (SITA PSS), company spokeswoman Edna Ayme-Yahil told Threatpost. SITA PSS operates the systems for processing airline passenger data and belongs to a group of SITA companies, headquartered in the E.U.”
Many overseas airlines have been notifying customers that their data was breached. Although the total number of affected flyers is unknown, Singapore Airlines alone reported 580,000 victims.
According to the spokesperson for SATI;
“Each affected airline has been provided with the details of the exact type of data that has been compromised, including details of the number of data records within each of the relevant data categories.”
The Data That Was Affected
Although SATI did not specify precisely what type of data was stolen in the breach, a spokesperson did comment that “save to say that it does include some personal data of airline passengers. Many airlines have issued public statements confirming what types of data have been affected in relation to their passengers.”
Some of the directly affected airlines and who have started alerting customers include Lufthansa, New Zealand Air, Singapore Airlines, Cathay Pacific, Finnair, Japan Airlines, and Malaysia Air.
In a Twitter post this past week, Malaysia Air said, “The data security incident occurred at our third-party I.T. service provider and not Malaysia Airlines’ computer systems. However, the airline is monitoring any suspicious activity concerning its members’ accounts and in constant contact with the affected I.T. service provider to secure Enrich members’ data and investigate the incident’s scope and causes.”
The entire system that links all these airlines is the SITA Passenger Service System (SITA PSS). It allows frequent flyer information to float between airline providers so that passengers can use their miles with whatever airline they want. Anyone included in a frequent flyer alliance program would be included in the data breach.
The Dangers of Airline Attacks
Post 911, the danger of any type of airline attack remains at the forefront of any American’s mind. Although a data breach does put flyers at risk of identity theft and fraud, the more emergent data is for safety and lives.
So much of the airline industry runs on technology that could potentially be compromised by threat actors looking to down planes or remotely control systems.
When interviewed by Threatpost, SATI confirmed that South Korean airline Jeju Air’s passenger data was included in the mix.
Where do We Go from Here?
Unfortunately, this is just another in a line of attacks aimed at the airline industry. There is no clear information on how the attack occurred and what, if anything, was done with the data breached.
Shlomi Liberow of HackerOne said,
“It’s not clear yet what the attack vector was in the SITA breach, but HackerOne vulnerability data shows that the aviation and aerospace industry see more privilege escalation and SQL-injection vulnerabilities than any other industry, accounting for 57 percent of the vulnerabilities reported to these companies by ethical hackers.” He further explained that “SITA would be an attractive target for criminals due to the sensitive nature of the information they hold — names, addresses, passport data.”
With the writing on the wall, it is clear that the aviation industry needs to get up to speed with cybersecurity solutions and upgraded technology. The risk is too great to ignore this growing problem.