Massive Supply-Chain Cyberattack Breaches Several Airlines

2021-03-05 19:52

Yahil declined to say how many users have been affected for confidentiality reasons, but Singapore Airlines reported more than 580,000 impacted customers alone, meaning the compromise could ultimately impact millions of users.

"Many airlines have issued public statements confirming what types of data have been affected in relation to their passengers."

Airline members of the Star Alliance, including Luthansa, New Zealand Air and Singapore Airlines, along with OneWorld members Cathay Pacific, Finnair, Japan Airlines and Malaysia Air, have already started communicating with its at-risk users, Yahil told Threatpost, adding that South Korean airline JeJu Air's passenger data was also compromised.

"SITA PSS was holding the data of airlines that are not its direct customers, but are alliance members, because other airlines that are SITA PSS customers have an obligation to recognize the frequent flyer status of individual passengers and ensure that such passengers receive the appropriate privileges when they fly with them," Yahil explained to Threatpost.

Liberow said it's time for the airlines to dig in on securing their systems.

"Today's data breaches tell us it's no longer enough to secure your perimeter; you also have to secure your third parties, and their third parties," Ben-Ari warned.

News URL

https://threatpost.com/supply-chain-cyberattack-airlines/164549/

#airline #breaches #cyberattack #supplychain