
AA affected by SITA breach

Old Mar 5, 2021, 4:07 pm
  #1  
Original Poster
 
Join Date: Apr 2010
Posts: 1,546
AA affected by SITA breach

Also affecting
UA
BA
Finnair
and others

March 5, 2021

Hello [firstname lastname redacted],

We are informing you of a recent event that may have involved a limited amount of your AAdvantage® information.

American Airlines was recently notified by SITA, an information technology company that provides services to many international carriers, that SITA suffered a data security incident involving a limited amount of AAdvantage loyalty data residing on SITA’s passenger service system (SITA PSS). Importantly, the incident did not result in the compromise of any AAdvantage account passwords or financial information that may be stored in your AAdvantage account. American’s systems were not involved in this incident.

American is not a customer of SITA PSS. However, the incident did impact certain AAdvantage loyalty data as some of our airline partners store loyalty data in SITA PSS. We exchange a limited set of frequent flyer loyalty data with our airline partners to ensure recognition of our AAdvantage members’ loyalty status when traveling.

We have confirmed with SITA that your name, elite status, and AAdvantage number may have been affected by the incident. While American has no evidence that your AAdvantage information has been misused, we wanted to alert you of this incident.

As a best practice, we recommend you update your AAdvantage password regularly and use complex and unique passwords. While we do not believe your account is at risk, if you would like to reset your AAdvantage password as a precaution, you can reset your password here.

We apologize for any inconvenience this may cause you and remain committed to the protection of your personal information.


Sincerely,

Russell Hubbard

Chief Privacy Officer, American Airlines
_kurt is offline  
Old Mar 5, 2021, 4:10 pm
  #2  
 
Join Date: Jan 2009
Location: OKC
Programs: IHG Spire, National Exec, AA Plat
Posts: 2,274
Just got this as well.

So their recommendation is to update the password - why the heck are these idiots sharing passwords with SITA in the first place?

This crap is getting ridiculous and these companies need to be held accountable for data leaks. It needs to cost them in a way that has significant pain to them, or it's just going to continue.
GlobalMatt likes this.
bchandler02 is offline  
Old Mar 5, 2021, 4:25 pm
  #3  
 
Join Date: Feb 2014
Posts: 253
Deleted

Last edited by Stocktc1; Mar 5, 2021 at 6:28 pm Reason: Delete
Stocktc1 is offline  
Old Mar 5, 2021, 4:32 pm
  #4  
 
Join Date: Feb 2003
Location: Washington, DC
Programs: AA Executive Platinum/Million Miler, Marriott Titanium Elite-Lifetime, Hilton Gold
Posts: 3,198
Originally Posted by bchandler02
Just got this as well.

So their recommendation is to update the password - why the heck are these idiots sharing passwords with SITA in the first place?
No passwords were shared.
USFlyerUS is online now  
Old Mar 5, 2021, 5:32 pm
  #5  
 
Join Date: Nov 2018
Posts: 1,285
How many miles we getting for the inconvenience? 😀
gateH15 is offline  
Old Mar 5, 2021, 6:09 pm
  #6  
 
Join Date: Mar 2001
Location: DFW/PHL
Programs: US CP, UA *G; SPG Plat, Hilton Gold; Natl Exec, Hertz PC
Posts: 623
How did all of the OneWorld carriers FF info get affected by a leak at a Star Alliance carrier? UA's email specifically states only certain *A levels were leaked for benefit reasons, so why was the OW data even in the same set?
flightrisk is offline  
Old Mar 5, 2021, 8:02 pm
  #7  
 
Join Date: Dec 2016
Location: Long Island, NY
Programs: AA EXP, Hyatt Explorist, Marriott Gold
Posts: 732
Got the email

I received the same email.
I have a credit card stored under my AA account --- will have to monitor that.
zip10001 is offline  
Old Mar 5, 2021, 8:18 pm
  #8  
FlyerTalk Evangelist
 
Join Date: Aug 2017
Programs: AS 75K, DL Silver, UA Platinum, Hilton Gold, Hyatt Discoverist, Marriott Platinum + LT Gold
Posts: 10,467
Originally Posted by flightrisk
How did all of the OneWorld carriers FF info get affected by a leak at a Star Alliance carrier? UA's email specifically states only certain *A levels were leaked for benefit reasons, so why was the OW data even in the same set?
Read the email posted upthread first.

Neither UA nor AA utilizes SITA, but some of their respective partners do. Within each alliance, there is some level of info sharing to make traveling across carriers easier, for example.
LovePrunes likes this.
Repooc17 is offline  
Old Mar 5, 2021, 8:20 pm
  #9  
 
Join Date: Mar 2009
Location: LAX
Posts: 3,267
I got a similar email this morning from SQ, and just now from AA.
lobo411 is offline  
Old Mar 5, 2021, 8:33 pm
  #10  
TPJ
 
Join Date: Jun 2008
Programs: TK*G (E+), IHG Plat Ambassador
Posts: 7,884
The only oneWorld airline hosted in SITA PSS is (I believe) S7. Have you flown on S7, lately? If not just move on... (and changing password from time to time is always a good idea)...
Repooc17 and wrp96 like this.
TPJ is offline  
Old Mar 5, 2021, 11:14 pm
  #11  
 
Join Date: Aug 2002
Location: NYC
Programs: AA EP, HH Diamond, Admirals Club, Global Entry
Posts: 417
I received the same e-mail at 11:25pm ET on 3/5.
Tintin is offline  
Old Mar 6, 2021, 1:42 am
  #12  
 
Join Date: Oct 2019
Location: clue is in the nym
Programs: BA Gold, TP Gold, VS Gold, Hilton Diamond, IHG Diamond, Hyatt Globalist, Marriott Platinum
Posts: 826
Originally Posted by bchandler02
Just got this as well.

So their recommendation is to update the password - why the heck are these idiots sharing passwords with SITA in the first place?
They didn't. However, if you flew an AA codeshare or a reward flight with a OW or *A partner, your FFN, Full Name and Status Level (and potentially your points balance) may have been passed to the partner airline using the SITA Horizon PSS.

Since many people practice poor password management and re-use passwords on different sites, hackers could theoretically match up your FFN and Name from the SITA attack with hacked Name/Email/Password information already 'out there' as a result of other unconnected attacks, and this would give them enough information to make an attack on your AA account. The risk is very small, as the email acknowledges, but there is some level of risk, hence the suggestion that one might wish to change one's password.

Originally Posted by flightrisk
How did all of the OneWorld carriers FF info get affected by a leak at a Star Alliance carrier? UA's email specifically states only certain *A levels were leaked for benefit reasons, so why was the OW data even in the same set?
The attack was directed at SITA's servers in Atlanta, GA, not at the airline, although the vector for the attack may have been lax security protocols at an end user. It is, frankly, very unlikely that SITA maintains parallel separate databases of Name, Number, Status (etc.) for OW and *A airlines, so once they're into the SITA data hub both OW and *A records are compromised.
southlondonphil is offline  
Old Mar 6, 2021, 2:38 am
  #13  
 
Join Date: Oct 2019
Location: Vienna, Austria
Posts: 709
I got this e-mail too and almost thought it was some kind of spam, especially with the change password "here" link seeming too suspicious and convenient.
NickRivas is offline  
Old Mar 6, 2021, 5:04 am
  #14  
 
Join Date: Feb 2013
Location: Beantown! (BOS)
Programs: AA PtPro (2 MM); Hilton Diamond; Hertz President Cr; DL SkyMiles; UA MileagePlus
Posts: 3,435
I got the same e-mail from AA.

JAL has indicated that the information compromised on their FF program was:

Name
FF account number
OneWorld elite status

Is this the reason why, when making a reservation directly with a OneWorld partner airline and putting my FF number in the reservation, the system immediately knows my OneWorld elite status and is able to choose seats which are not available to non-status passengers?

Last edited by AlwaysAisle; Mar 6, 2021 at 5:10 am
AlwaysAisle is offline  
Old Mar 6, 2021, 8:52 am
  #15  
 
Join Date: Dec 2003
Location: NYC
Posts: 6,425
AA seems to be saying it doesn't believe there's a problem, but if you do you should do something.
richarddd is online now  

