Airline communications and IT specialist Sita has been the victim of a cyber-attack, “leading to a data security incident involving certain passenger data”.
The European company said the data affected was stored on Sita Passenger Service System servers, which operate passenger processing systems for airlines.
A statement from Sita said: “After confirmation of the seriousness of the data security incident on February 24, 2021, SITA took immediate action to contact affected SITA PSS customers and all related organisations.
“We recognise that the Covid-19 pandemic has raised concerns about security threats, and, at the same time, cyber-criminals have become more sophisticated and active. This was a highly sophisticated attack.”
It said it acted “swiftly” and initiated “targeted containment measures”.
The attack is being investigated by Sita’s security incident response team with the support of leading external experts in cyber-security.
Sita advised airline customers with queries about the handling of personal data to contact airlines directly.
Air New Zealand said in an email to customers that: “Unfortunately, some of your information has been involved in this data breach however, this is limited to your name, tier status and membership number.”
The Guardian said the data on hundreds of thousands of airline passengers was hacked, adding that Sita serves the Star Alliance.
“Sita had informed Malaysia Airlines, Singapore Airlines, Finnair and a South Korean carrier called Jeju Air that their passengers had been affected by the breach of its passenger service system (PSS) servers,” said the Guardian.