AA affected by SITA breach

Old Mar 5, 21, 4:07 pm
  #1  
Original Poster
 
Join Date: Apr 2010
Posts: 1,063

Also affecting
UA
BA
Finnair
and others

March 5, 2021

Hello [firstname lastname redacted],

We are informing you of a recent event that may have involved a limited amount of your AAdvantage® information.

American Airlines was recently notified by SITA, an information technology company that provides services to many international carriers, that SITA suffered a data security incident involving a limited amount of AAdvantage loyalty data residing on SITA’s passenger service system (SITA PSS). Importantly, the incident did not result in the compromise of any AAdvantage account passwords or financial information that may be stored in your AAdvantage account. American’s systems were not involved in this incident.

American is not a customer of SITA PSS. However, the incident did impact certain AAdvantage loyalty data as some of our airline partners store loyalty data in SITA PSS. We exchange a limited set of frequent flyer loyalty data with our airline partners to ensure recognition of our AAdvantage members’ loyalty status when traveling.

We have confirmed with SITA that your name, elite status, and AAdvantage number may have been affected by the incident. While American has no evidence that your AAdvantage information has been misused, we wanted to alert you of this incident.

As a best practice, we recommend you update your AAdvantage password regularly and use complex and unique passwords. While we do not believe your account is at risk, if you would like to reset your AAdvantage password as a precaution, you can reset your password here.

We apologize for any inconvenience this may cause you and remain committed to the protection of your personal information.


Sincerely,

Russell Hubbard

Chief Privacy Officer, American Airlines
_kurt is offline  
Old Mar 5, 21, 4:10 pm
  #2  
 
Join Date: Jan 2009
Location: OKC
Programs: IHG Spire, National Exec, AA Plat
Posts: 1,765
Just got this as well.

So their recommendation is to update the password - why the heck are these idiots sharing passwords with SITA in the first place?

This crap is getting ridiculous and these companies need to be held accountable for data leaks. It needs to cost them in a way that has significant pain to them, or it's just going to continue.
GlobalMatt likes this.
bchandler02 is offline  
Old Mar 5, 21, 4:25 pm
  #3  
 
Join Date: Feb 2014
Posts: 190
Deleted

Last edited by Stocktc1; Mar 5, 21 at 6:28 pm Reason: Delete
Stocktc1 is offline  
Old Mar 5, 21, 4:32 pm
  #4  
 
Join Date: Feb 2003
Location: Washington, DC
Programs: AA Executive Platinum/Million Miler, Marriott Titanium Elite-Lifetime, Hilton Gold
Posts: 1,674
Originally Posted by bchandler02 View Post
Just got this as well.

So their recommendation is to update the password - why the heck are these idiots sharing passwords with SITA in the first place?
No passwords were shared.
USFlyerUS is offline  
Old Mar 5, 21, 5:32 pm
  #5  
 
Join Date: Nov 2018
Posts: 1,096
How many miles we getting for the inconvenience? 😀
gateH15 is offline  
Old Mar 5, 21, 6:09 pm
  #6  
 
Join Date: Mar 2001
Location: DFW/PHL
Programs: US CP, UA *G; SPG Plat, Hilton Gold; Natl Exec, Hertz PC
Posts: 612
How did all of the OneWorld carriers' FF info get affected by a leak at a Star Alliance carrier? UA's email specifically states only certain *A levels were leaked for benefit reasons, so why was the OW data even in the same set?
flightrisk is offline  
Old Mar 5, 21, 8:02 pm
  #7  
 
Join Date: Dec 2016
Location: Somewhere in Long Island, NY
Programs: AA EXP, Hyatt Globalist, Marriott Gold
Posts: 416
Got the email

I received the same email.
I have a credit card stored under my AA account --- will have to monitor that.
zip10001 is offline  
Old Mar 5, 21, 8:18 pm
  #8  
 
Join Date: Aug 2017
Programs: AS MVPG, DL Gold, UA 1K, Hilton Diamond, Marriott Titanium + LT Silver, Hertz PC
Posts: 4,381
Originally Posted by flightrisk View Post
How did all of the OneWorld carriers' FF info get affected by a leak at a Star Alliance carrier? UA's email specifically states only certain *A levels were leaked for benefit reasons, so why was the OW data even in the same set?
Read the email posted upthread first.

Neither UA nor AA utilizes SITA, but some of their respective partners do. Within each alliance, there is some level of info sharing to make traveling across carriers easier, for example.
LovePrunes likes this.
Repooc17 is offline  
Old Mar 5, 21, 8:20 pm
  #9  
 
Join Date: Mar 2009
Location: LAX
Posts: 3,055
I got a similar email this morning from SQ, and just now from AA.
lobo411 is online now  
Old Mar 5, 21, 8:33 pm
  #10  
TPJ
 
Join Date: Jun 2008
Programs: TK*G (E+), AA OWS (Plat Pro), EY Silver (compted), IHG Plat Ambassador
Posts: 6,937
The only oneWorld airline hosted in SITA PSS is (I believe) S7. Have you flown on S7 lately? If not, just move on... (and changing your password from time to time is always a good idea)...
Repooc17 and wrp96 like this.
TPJ is offline  
Old Mar 5, 21, 11:14 pm
  #11  
 
Join Date: Aug 2002
Location: NYC
Programs: AA EXP, HH Diamond, Admirals Club, Priority Pass, Global Entry
Posts: 369
I received the same e-mail at 11:25pm ET on 3/5.
Tintin is offline  
Old Mar 6, 21, 1:42 am
  #12  
 
Join Date: Oct 2019
Location: clue is in the nym
Programs: BA Gold, IHG Platinum, Discovery Platinum, Bonvoy Gold, Accor Gold, Hilton Diamond, Radisson Gold,
Posts: 441
Originally Posted by bchandler02 View Post
Just got this as well.

So their recommendation is to update the password - why the heck are these idiots sharing passwords with SITA in the first place?
They didn't. However, if you flew an AA codeshare or a reward flight with an OW or *A partner, your FFN, Full Name and Status Level (and potentially your points balance) may have been passed to the partner airline using the SITA Horizon PSS.

Since many people practice poor password management and re-use passwords on different sites, hackers could theoretically match up your FFN and Name from the SITA attack with hacked Name/Email/Password information already 'out there' as a result of other unconnected attacks, and this would give them enough information to make an attack on your AA account. The risk is very small, as the email acknowledges, but there is some level of risk, hence the suggestion that one might wish to change one's password.

Originally Posted by flightrisk View Post
How did all of the OneWorld carriers' FF info get affected by a leak at a Star Alliance carrier? UA's email specifically states only certain *A levels were leaked for benefit reasons, so why was the OW data even in the same set?
The attack was directed at SITA's servers in Atlanta, GA, not at the airline, although the vector for the attack may have been lax security protocols at an end user. It is, frankly, very unlikely that SITA maintains parallel separate databases of Name, Number, Status (etc.) for OW and *A airlines, so once they're into the SITA data hub both OW and *A records are compromised.
southlondonphil is offline  
Old Mar 6, 21, 2:38 am
  #13  
 
Join Date: Oct 2019
Location: Vienna, Austria
Posts: 261
I got this e-mail too and almost thought it was some kind of spam, especially with the change password "here" link seeming too suspicious and convenient.
NickRivas is offline  
Old Mar 6, 21, 5:04 am
  #14  
 
Join Date: Feb 2013
Location: Beantown! (BOS)
Programs: AA PtPro (2 MM); Hilton Diamond; Hertz President Cr; DL SkyMiles; UA MileagePlus
Posts: 2,655
I got the same e-mail from AA.

JAL has indicated that the information compromised on their FF program was:

Name
FF account number
OneWorld elite status

Is this the reason why, when making a reservation directly with a OneWorld partner airline and putting my FF number in the reservation, the system immediately knows my OneWorld elite status and able to choose seats which are not available to non-status passengers?

Last edited by AlwaysAisle; Mar 6, 21 at 5:10 am
AlwaysAisle is offline  
Old Mar 6, 21, 8:52 am
  #15  
 
Join Date: Dec 2003
Location: NYC
Posts: 5,410
AA seems to be saying it doesn't believe there's a problem, but if you do you should do something.
richarddd is offline  
