If you have frequent flyer accounts with a variety of airlines, chances are that you received one or more emails in the past couple of days about a data breach. What’s going on, exactly?
On February 24, 2021, SITA suffered a “highly sophisticated” attack on its IT systems, which has caused the information of millions of passengers to be compromised. Specifically, certain data stored on SITA Passenger Service Systems servers was accessed. The company says it has contacted all affected SITA PSS customers, and all related organization.
For those of you not familiar with the company, SITA essentially provides IT services to the aviation industry around the world, including to airlines, airports, and ground handlers. SITA is involved in everything from operational business practices, to baggage management, to passenger management.
SITA has passenger details stored on its servers, and some of that data may have been accessed. The good news is that for the most part no passwords or payment methods were compromised, but rather this seems to center mostly around names, frequent flyer numbers, and elite status.
You may have been notified of a data breach even if you have a frequent flyer account with an airline that isn’t a direct customer of SITA. That can be the case if you’ve either booked an itinerary that involves travel on multiple airlines, if you used your frequent flyer account when traveling with another airline, etc. For example, here’s part of the email I got yesterday from American Airlines:
American is not a customer of SITA PSS. However, the incident did impact certain AAdvantage loyalty data as some of our airline partners store loyalty data in SITA PSS. We exchange a limited set of frequent flyer loyalty data with our airline partners to ensure recognition of our AAdvantage members’ loyalty status when traveling.
A data breach at aviation IT company SITA potentially means the frequent flyer details of millions of travelers were compromised. The good news is that it seems to mostly be very basic details that may have been compromised, and largely not payment methods, passwords, etc.
Nonetheless if you’ve gotten a notice about the breach, it could make sense to change your account password.
Were you impacted by this SITA data breach?