What CX sent out was a disclaimer that its systems were not affected, however, CX and other airlines share their data when transacting with other airlines, i.e. for tickets issued across multiple carriers, passenger and visa information, Frequent Flyer Programme Status, and credit cards.

This means that the data on CX shared with any other airline could have been compromised on SITA.

To explain, SITA was set up to facilitate connectivity between airlines at the beginning of the computer age to enable communication to flow between them. It now operates one of the world’s largest global networks.

This means that say neither CX not SQ system’s were compromised, yet data travelling between the two was, i.e. over the SITA network with its multiple nodes, servers, and storage devices.

From reading the CX and AA notices I received it looks as if data was compromised over the SITA network.