SITA PSS frequent flyer data breach affecting all *A member airlines
Mar 4, 2021, 4:45 pm
#1
Original Poster
Join Date: Nov 2015
Location: BNE
Programs: NZ*G, QF Bronze, VA Red
Posts: 563
SITA PSS frequent flyer data breach affecting all *A member airlines
I received an email from Singapore Airlines this morning to advise that they had received confirmation of a data breach at another *A airline's SITA PSS system, which meant that the frequent flyer details of every Star Alliance member airline's loyalty members had been exposed, including your name, tier status, and FF number. It's unclear if OneWorld and SkyTeam details were also compromised.
With this info, malicious individuals could data match your FF details to details stolen in other breaches and perform credible "spearphishing", or by matching against common passwords to attempt to access your FF account to steal flight credits and FF points, manipulate forward bookings, or exploit knowledge of your travel history. Be on the lookout!
With this info, malicious individuals could data match your FF details to details stolen in other breaches and perform credible "spearphishing", or by matching against common passwords to attempt to access your FF account to steal flight credits and FF points, manipulate forward bookings, or exploit knowledge of your travel history. Be on the lookout!
IMPORTANT INFORMATION ABOUT YOUR KRISFLYER ACCOUNT
SITA, an information technology company providing passenger service systems, has informed Singapore Airlines of a data security breach involving their passenger service systems' (SITA PSS) servers. While Singapore Airlines is not a customer of the SITA PSS, another Star Alliance member airline is.
All Star Alliance member airlines provide a restricted set of frequent flyer programme data to the alliance, which is then sent on to other member airlines to reside in their passenger service systems. This data transfer is necessary to enable the verification of membership tier status, and to accord to member airlines' customers the relevant benefits while travelling.
As a result, SITA has access to the restricted set of frequent flyer programme data for all 26 Star Alliance member airlines including Singapore Airlines.
We are contacting you as your KrisFlyer data was impacted by this breach of the SITA PSS server. The information involved is limited to your KrisFlyer membership name, membership number and tier status, which is the full extent of the frequent flyer data set that Singapore Airlines shares with other Star Alliance member airlines for this data transfer.
Specifically, this data breach does not involve your membership password, credit card information, and other customer data such as itineraries, reservations, ticketing, passport numbers, and email addresses as SIA does not share this information with other Star Alliance member airlines for this data transfer. Your KrisFlyer miles balance was also not compromised.
SITA, an information technology company providing passenger service systems, has informed Singapore Airlines of a data security breach involving their passenger service systems' (SITA PSS) servers. While Singapore Airlines is not a customer of the SITA PSS, another Star Alliance member airline is.
All Star Alliance member airlines provide a restricted set of frequent flyer programme data to the alliance, which is then sent on to other member airlines to reside in their passenger service systems. This data transfer is necessary to enable the verification of membership tier status, and to accord to member airlines' customers the relevant benefits while travelling.
As a result, SITA has access to the restricted set of frequent flyer programme data for all 26 Star Alliance member airlines including Singapore Airlines.
We are contacting you as your KrisFlyer data was impacted by this breach of the SITA PSS server. The information involved is limited to your KrisFlyer membership name, membership number and tier status, which is the full extent of the frequent flyer data set that Singapore Airlines shares with other Star Alliance member airlines for this data transfer.
Specifically, this data breach does not involve your membership password, credit card information, and other customer data such as itineraries, reservations, ticketing, passport numbers, and email addresses as SIA does not share this information with other Star Alliance member airlines for this data transfer. Your KrisFlyer miles balance was also not compromised.
Mar 4, 2021, 9:40 pm
#2
Join Date: May 2014
Location: Brisbane, Australia
Posts: 909
I'd love to know what airline it is (I guess we'll find out soon).
Air New Zealand just sent the following email out so I guess it's not them:
Air New Zealand just sent the following email out so I guess it's not them:
We have recently been alerted that a Star Alliance partner has been impacted by a security data breach, involving some of our customers’ data as well as that of many other Star Alliance airlines.
The Star Alliance member airlines share minimal frequent flyer data between each other and limited third parties to ensure benefits can be used across different carriers, for example access to member lounges.
Unfortunately, some of your information has been involved in this data breach however, this is limited to your name, tier status and membership number. This is the full extent of frequent flyer data Air New Zealand shares with other Star Alliance member airlines.
This data breach does not include any member passwords, credit card information or other personal customer data such as itineraries, reservations, ticketing, passport numbers, email addresses or other contact information.
The Star Alliance member airlines share minimal frequent flyer data between each other and limited third parties to ensure benefits can be used across different carriers, for example access to member lounges.
Unfortunately, some of your information has been involved in this data breach however, this is limited to your name, tier status and membership number. This is the full extent of frequent flyer data Air New Zealand shares with other Star Alliance member airlines.
This data breach does not include any member passwords, credit card information or other personal customer data such as itineraries, reservations, ticketing, passport numbers, email addresses or other contact information.
Mar 4, 2021, 9:50 pm
#3
FlyerTalk Evangelist
Join Date: Apr 2001
Location: MEL CHC
Posts: 21,018
Finnair AY thread---> Data security incident
May 22, 2021, 9:03 pm
#9
Join Date: Apr 2021
Programs: TK E+, BA EC Silver, Vistara Platinum, JP Platinum, Bonvoy Titanium
Posts: 47
https://www.livemint.com/news/india/...687289916.html