Security News
British Airways has settled the not-quite-a-class-action* lawsuit against it, potentially paying millions of pounds to make the data breach case in the High Court of England and Wales go away. "The resolution includes provision for compensation for qualifying claimants who were part of the litigation. The resolution does not include any admission of liability by British Airways Plc," said PGMBM. The lawsuit was based on the 2018 BA data breach, where the credit card details of 380,000 people were stolen thanks to a Magecart infection on its payment processing pages.
A monster cyberattack on SITA, a global IT provider for 90 percent of the world's airline industry, is slowly unfurling to reveal the largest supply-chain attack on the airline industry in history. The enormous data breach, estimated to have already impacted 4.5 million passengers, has potentially been traced back to the Chinese state-sponsored threat actor APT41, and analysts are warning airlines to hunt down any traces of the campaign concealed within their networks.
A technology provider says a malware attack triggered a dayslong outage that has caused reservations systems to crash at about 20 low-cost airlines around the world. A spokeswoman for Radixx's parent, Southlake, Texas-based Sabre Corp., said Friday that the company was beginning to restore service to airline customers.
Yahil declined to say how many users have been affected for confidentiality reasons, but Singapore Airlines reported more than 580,000 impacted customers alone, meaning the compromise could ultimately impact millions of users. "Many airlines have issued public statements confirming what types of data have been affected in relation to their passengers."
Passenger data from multiple airlines around the world has been compromised after hackers breached servers belonging to SITA, a global information technology company. A SITA representative told BleepingComputer that the intrusion impacts data of passengers from the airlines listed below.
SITA didn't elaborate on the nature or extent of the attack, other than to describe it as "Highly sophisticated but limited." According to its own disclosure, the attackers obtained passenger records from servers hosted in an Atlanta, Georgia data centre operated by an American subsidiary. "The data in question relates exclusively to service card numbers, status level and in some cases names. Unfortunately, your customer data is also affected. You can rest assured that no passwords, email addresses or other personal customer data were stolen in the incident."
SITA, a multinational company that specializes in air transport communications and IT, this week confirmed falling victim to a cyberattack that appears to have impacted multiple airlines around the world. SITA said on Thursday that the attack, which it described as "Highly sophisticated," affected certain passenger data stored on servers of SITA Passenger Service System Inc., which operates passenger processing systems for airlines.
Malaysia Airlines has suffered a data breach spanning nine yearsof data that exposed the personal information of members in its Enrich frequent flyer program. Starting yesterday, Malaysia Airlines began emailing members of their Enrich rewards program to disclose that they were affected by a data breach.
A recently identified threat actor that remained unnoticed for roughly two years appears focused on the targeting of airlines that are using the BSPLink financial settlement software made by the International Air Transport Association, cybersecurity firm Malwarebytes reported on Wednesday. Over time, the group evolved its toolset from PowerShell Empire to the Koadic and Octopus RATs, and used LuminosityLink, RMS, Quasar, njRat and Remcos RATs in between.
The actor received the name LazyScripter and has been active since 2018, using phishing to target individuals seeking immigration to Canada for a job, airlines, and the International Air Transport Association. The researchers from Malwarebytes also found other examples where the attacker dropped other remote access trojans that are common to multiple hacking groups: LuminosityLink, RMS, Quasar, njRat, and Remcos.