On Thursday, February 4, 2021, SITA, a provider of communication services and information technology for the airline industry, reported on its website that it had suffered a "highly sophisticated" cyberattack. The attack resulted in a security incident involving the exfiltration of data from the servers hosting its SITA Passenger Service System (PSS).
The company added that it confirmed the severity of the attack on February 24, 2021, and immediately contacted all SITA PSS customers and related organizations.
SITA did not provide any other details on the nature of the attack or the entry vector into its systems. The attack had already been reported by Singapore Airlines the day before (March 3).
Several affected airlines informed the press and their customers about the attack, each one separately. The firms that have disclosed being part of the security breach in SITA's systems include American Airlines, British Airways, Lufthansa, Air New Zealand, Finnair, Singapore Airlines, Malaysia Airlines, Aegean and Jeju Air.
Lufthansa noted that the data exfiltration occurred between January 21 and February 11.
These companies claim that the incident did not take place on their own systems, and that the damage was verified on the SITA PSS servers. Firms such as Air New Zealand and Singapore Airlines indicated that the exfiltrated data consists of customer names, frequent flyer program status and membership number, and in some cases travel preferences such as seat and meals, but that no passwords, reservations, contact information, or credit or debit card data were leaked.
However, some companies recommended that their clients change their access credentials to their web portals, even though they indicated that this information is not exchanged with SITA.
The airlines explained that the affected information corresponds to data on clients of their frequent flyer programs. Although some airlines are not direct clients of the SITA passenger services system, they are members of the Oneworld and Star Alliance alliances, through which they share frequent flyer information with SITA.
Latam Airlines, the airline with the most clients in our country, does not currently belong to either of these alliances, having left Oneworld in 2020. Nevertheless, the statements indicate that the incident would have involved access to data from 2010 to 2019.
Along with the mitigations and recommendations provided by SITA and the airlines to affected customers, the Government CSIRT requests that other preventive measures be considered, such as:
Stay abreast of any information from SITA or the airlines that provides more details about the attack.
If you are a member of the frequent flyer program of any airline that has acknowledged being affected, or of others belonging to Star Alliance or Oneworld, it is recommended that you change the passwords with which you are registered on the companies' platforms.