Airline industry suffers cyberattack

The International Air Transport Association expects total air passenger numbers in 2021 to be 52 percent lower compared to that in 2019 as pandemic restrictions continue to hinder travel.

It is only by next year that passenger numbers are anticipated to recover to 88 percent of pre-pandemic levels.

Unfortunately, the world’s airline industry is also reeling from the effects of another virus.

Global air transport data giant and Geneva-based SITA recently confirmed a data breach involving passenger data. The company subsequently contacted affected airlines.

According to SITA, it was the victim of a cyberattack and certain passenger data stored in its US servers had been breached. SITA is said to be one of the world’s largest aviation IT companies, serving around 90 percent of the world’s airlines, which rely on the company’s passenger service system Horizon to manage reservations, ticketing, and aircraft departures. The company said that the incident affected various airlines around the world, not just in the United States.

The cyberhacking is said to have affected almost all of the world’s airline companies, compromising 10 years’ worth of personal data of an estimated 4.5 million passengers, mostly belonging to the elite clubs of frequent flyers.

SITA, in its online postings, claims that almost every airline and airport in the world does business with it and that 95 percent of all international destinations are covered by its extensive network.

SITA is one of just a few aviation IT providers offering passenger ticketing and reservation services to airlines across the globe, the others include the Texas-based Sabre Corp. and the Madrid-headquartered Amadeus IT Group.

SITA is said to be providing airline and border control (immigration) solution in the Philippines. Should we be worried?

This is not the first time that the air transport industry has been a victim to cyberattacks.

According to TechCrunch, a major data breach took place in 2017 in travel technology company Sabre’s hotel reservation system after hackers allegedly scraped the credit cards of over a million of the American firm’s customers. Sabre reportedly coughed up a $2.4-million settlement and made changes to its cybersecurity policies after that incident.

The same report also revealed that in 2019, a security researcher found a vulnerability in the passenger booking system of Amadeus that made it easy to access the traveler records of its customers. Air France, British Airways and Qantas were at that time among the users of Amadeus’ booking system.

Meanwhile, according to media reports, the hacking of SITA’s PSS servers in its data center in Atlanta resulted in the leakage of sensitive personal and financial data of airline passengers, including their name, date of birth, passport and ticket details, and credit card information.

That the hacking turned out to be a lot worse than first thought of surfaced last month when Air India, which uses SITA’s Horizon PSS,  confirmed that the breach had compromised the personal data of about 4.5 million air passengers, including its flyers who registered with the airline between Aug. 26, 2011 and Feb. 3, 2021.

The TechCrunch report also revealed that the companies affected by the cyberattack last February include Deutsche Lufthansa, Cathay Pacific, Air New Zealand, United Airlines, American Airlines, Singapore Airlines, Malaysia Airlines, Finnair and Jeju Air.

Apart from the airlines using SITA’s Horizon PSS, certain firms like Singapore Airlines fell victim to a third-party breach because they belong to either the Star Alliance or OneWorld networks, some of whose member-airlines were using SITA’s hacked system.  This is because frequent flyer information of Star Alliance and OneWorld member-airlines pass through SITA’s passenger service system so they can provide loyalty points to their passengers.

Singapore Airlines explained that one of the Star Alliance member airlines is a SITA PSS customer and as a result, SITA has access to the restricted set of frequent flyer program data for all 26 Star Alliance member airlines, including Singapore Airlines. About 580,000 KrisFlyer and PSS member-passengers of Singapore Airlines  were believed affected by the third-party computer data breach.

Experts say that the actual scope of the cyberhacking’s impact has yet to be ascertained at this point because apart from the airlines using SITA’s Horizon system like Air India, and those victimized by a third-party breach like Singapore Airlines, the partner-organizations of SITA other than the affected airline companies might have similarly suffered or remain vulnerable to possible data breaches.

SITA partner-organizations are thus being encouraged to initiate customer data monitoring to check for possible data breaches in their respective computer systems.

In revealing the  data security incident, SITA said that it had taken swift action and initiated targeted containment measures to address the security incident.

It noted that after confirming the seriousness of the data security incident last Feb. 24, SITA took immediate action to contact affected SITA PSS customers and all related organizations, adding that the matter remains under continued investigation by SITA’s security incident response team, with the support of leading external experts in cybersecurity.

For its part, Air India said its actions to address the data security breach included securing the compromised servers, immediately contacting the affected customers to notify them of the cyberattack, and advising them to change the passwords of their Air India accounts.

India’s national carrier revealed that the compromise involved 10 years of passenger data, including name, contact details, date of birth, credit card numbers and passport information.

A report in the UK-basedwebsite Teiss.Co.UK quoted Jeremy Hendy, the CEO of Skurio, a digital risk protection platform, as saying that Air India’s involvement in SITA’s supply chain attack shows that no matter how good one’s own network security is, someone else may lose the data and bad actors are ready to exploit this glitch or vulnerability.

Hendy said that businesses should continually review security and processes with their suppliers, requiring ISO certification and clearly documented standards as a minimum. He added that watermarking data can help companies to identify third-party breaches faster and enable them to take action sooner.

The same report quoted David Sygula, a senior cyber security analyst at CybelAngel, which is also a digital risk protection platform, as saying that organizations must constantly scan for leaked documents outside the enterprise perimeter, including connected storage, open databases, cloud applications, and the Dark Web to uncover confidential and sensitive data quickly, before it is exploited.

For comments, e-mail at [email protected]