

Massive Supply-Chain Cyberattack Breaches Several Airlines


The cyberattack on SITA, a nearly ubiquitous airline service provider, has compromised frequent-flyer data across many carriers.

A communications and IT vendor for 90 percent of the world’s airlines, SITA, has been breached, compromising passenger data stored on the company’s U.S. servers in what the company is calling a “highly sophisticated attack.”

The affected servers are in Atlanta, and belong to the SITA Passenger Service System (SITA PSS), company spokeswoman Edna Ayme-Yahil told Threatpost. SITA PSS operates the systems for processing airline passenger data and belongs to a group of SITA companies, headquartered in the E.U.

Malaysia Air and Singapore Airlines have already made headlines in recent days after alerting their customers they’ve been compromised as part of the attack.

Yahil declined to say how many users have been affected for confidentiality reasons, but Singapore Airlines reported more than 580,000 impacted customers alone, meaning the compromise could ultimately impact millions of users.

“Each affected airline has been provided with the details of the exact type of data that has been compromised, including details of the number of data records within each of the relevant data categories,” Yahil said.

Frequent-Flyer Data Compromised

While the company didn’t comment specifically on the types of data exposed, “safe to say that it does include some personal data of airline passengers,” Yahil added. “Many airlines have issued public statements confirming what types of data have been affected in relation to their passengers.”

Airline members of the Star Alliance, including Lufthansa, New Zealand Air, and Singapore Airlines, along with OneWorld members Cathay Pacific, Finnair, Japan Airlines and Malaysia Air, have already started communicating with their at-risk users, Yahil told Threatpost, adding that South Korean airline Jeju Air’s passenger data was also compromised.

“The data security incident occurred at our third-party IT service provider and not Malaysia Airlines’ computer systems,” Malaysia Air’s Twitter account said about the breach earlier this week, without mentioning SITA by name. “However, the airline is monitoring any suspicious activity concerning its members’ accounts and in constant contact with the affected IT service provider to secure Enrich members’ data and investigate the incident’s scope and causes.”

The systems are linked by SITA PSS so that one airline can recognize frequent-flyer benefits from other carriers.

“SITA PSS was holding the data of airlines that are not its direct customers, but are alliance members because other airlines that are SITA PSS customers have an obligation to recognize the frequent flyer status of individual passengers and ensure that such passengers receive the appropriate privileges when they fly with them,” Yahil explained to Threatpost. “That obligation arises from the contractual commitments that the other airline has agreed in its contractual arrangements with an alliance organization.”

She added, “It is common practice for alliance members to recognize the frequent-flyer scheme tiers of the passengers they carry. This mandates the sharing of frequent-flyer data amongst alliance members and, consequently, the service providers to those alliance members (such as SITA).”

Airline Supply-Chain Attacks on the Rise

While details on how the attack happened are scant, HackerOne solutions architect Shlomie Liberow said SITA’s trove of personal data would be tantalizing for cybercriminals.

“It’s not clear yet what the attack vector was in the SITA breach, but HackerOne vulnerability data shows that the aviation and aerospace industry sees more privilege escalation and SQL-injection vulnerabilities than any other industry, accounting for 57 percent of the vulnerabilities reported to these companies by ethical hackers,” Liberow explained. “SITA would be an attractive target for criminals due to the sensitive nature of the information they hold — names, addresses, passport data.”

Liberow said it’s time for the airlines to dig in on securing their systems.

“We’ve seen the aviation industry particularly hard hit over the past year, perhaps because criminals know they will be vulnerable and their focus and priorities on remaining in business. However, traditional enterprises like airlines have always been an attractive target since few are digital-first businesses, and therefore have relied on legacy software, which is more likely to be out-of-date or have existing vulnerabilities that can be exploited,” Liberow added.

Locking Down the Software Supply Chain

The breach is yet another in a long list of recent brutal attacks on third-party supply-chain providers to target larger, more secure organizations. The most well-known recent event is the SolarWinds breach of the U.S. government, and there’s also the spate of global zero-day attacks on users of the Accellion legacy File Transfer Appliance product.

“The proliferated effect of the attack on SITA is yet another example of how vulnerable organizations can be solely on the basis of their connections to third-party vendors,” said Ran Nahmias, co-founder of Cyberpion. “If these kinds of seemingly legitimate connections are not properly monitored and protected, they can result in damaging breaches that unleash highly confidential data, as evidenced in this situation.”

That means it’s up to IT teams to evaluate the security of every company within their perimeter, Demi Ben-Ari from Panorays said.

“You simply cannot know whether your third parties meet your company’s security controls and risk appetite until you’ve completed a full vendor security assessment on them,” Ben-Ari explained. “But through automated questionnaires, external footprint assessments, and taking into consideration the business impact of the relationship, you can get a clear, up-to-date picture of supplier security risk. It’s important to note that the best practice is not a ‘one-and-done’ activity, but through real-time, continuous monitoring.”

David Wheeler, director of open-source supply-chain security at the Linux Foundation, explained during a recent Threatpost webinar on how to lock down the supply chain that security-savvy IT pros should start asking for SBOMs, or software bills of materials, before using any third-party solution. This will help ensure that the platform was written securely and with reliable code.

“Today’s data breaches tell us it’s no longer enough to secure your perimeter; you also have to secure your third parties, and their third parties,” Ben-Ari warned.

