Oh SITA: Airline IT provider confirms passenger data leaked after major 'cyber-attack'

Not that many planes are taking off these days, but that didn’t stop the flight of passenger records from servers belonging to aviation tech supplier SITA after it was hit by a "cyberattack". In a public disclosure, the Swiss outfit confirmed it had last month fallen victim to a wide-ranging data security incident that …

  1. Muppet Boss Bronze badge

    Important message from British Airways

    Received this from BA:

    Dear Customer,

    We take the protection of your data very seriously.

    We have been notified of a data breach at global technology company SITA, an IT services provider to many airlines around the world. SITA is not British Airways’ booking and reservations system provider and SITA’s breach does not involve our customers’ financial information or password as SITA does not have access to this data. Please be reassured that this incident was not a breach of British Airways' systems.

    Along with many other airlines, we do share limited information with partner airlines in order to enhance your experience when flying with them. We have been notified by SITA that some British Airways Executive Club Members’ names, membership numbers and some of their preferences, such as seating, have been impacted.

    The password you use for your account is not held by SITA and has not been put at risk by this breach.

    As a precaution, given the potential that customers have re-used passwords used for other websites, we are taking the following action to protect you:

    Please log into your account and reset your password

    Please create a new password that you have not used elsewhere

    Once your password has been reset and you have completed a verification step, you will be able to regain full access to your account

    We know fraudsters try to use situations like this to their advantage. We will not contact you by phone and ask for your password - please do not reveal your password to anyone claiming to be from British Airways. If you need to contact us, you can do so via our contact centres.

    We are sorry for the inconvenience caused and thank you for your continued support and cooperation in helping us to keep your information safe and secure.

    British Airways

    1. Anonymous Coward

      Re: Important message from British Airways

      "Please log into your account and reset your password" ..... by clicking this link. As an extra security precaution we will also ask you to enter your credit card details, bank account details, mother's maiden name and your favourite pet's name. Please be assured we take your security very seriously.

    2. yetanotheraoc

      Re: Important message from British Airways

      "SITA’s breach does not involve our customers’ financial information or password as SITA does not have access to this data." -- And yet they are asking you to change your password. It's beyond stupid. Changing your password is the only thing you can do, so even though it will have zero effect, they are having you do it, so you will "feel" better.

      1. Doctor Syntax Silver badge

        Re: Important message from British Airways

        It seems to me to be a good example of using somebody else's panic (you can almost hear the sigh of relief "wow, we dodged that one") to encourage their customers to do something sensible - use a unique password. And if their password isn't unique then the only way to make it so is to change it.

    3. David 132 Silver badge

      Re: Important message from British Airways

      For what it’s worth I got a very similar email on Friday from United. Ho hum. At this point I’ve forgotten what it’s like to fly.

  2. Anonymous Coward

    "very seriously"

  3. circusmole

    Another BA cock-up

    I got an email today from BA that my data, given to them in good faith, had been given to SITA and had been hacked!!! The email advised me to log into my BA Executive Club account and change my password - the only problem is that my BA Executive Club account has been disabled, and I cannot get in to change my password. I called BA and their IVR system refused to allow me to wait in the queue and cut me off - hmmm. Apparently this hack occurred on the 24th February and we are only finding out about it now!

    I can only assume that BA is run by a crowd of useless jokers and clowns. Have they never heard of due diligence?

    1. Anonymous Coward

      Re: BA is run by a crowd of useless jokers and clowns

      based in India.

      SITA also outsourced a lot of their IT work to India starting in 2016.

      See the common link?

      I used to work for SITA at 'The Old Vinyl Factory' but my job went to India. I was let go in 2017.

      Bitter? You betcha. The systems I worked on suffered a huge drop in quality after this happened.

      1. sanmigueelbeer Silver badge

        Re: BA is run by a crowd of useless jokers and clowns

        SITA also outsourced a lot of their IT work to India starting in 2016

        I got retrenched in 2005 when I used to work for the SITA/Equant joint venture and my job went to Cairo, Egypt. With my pay SITA could, potentially, hire four (or more) CCNA-equivalents (I was not even CCNA) in CAI.

        They sat me down to interview me about my job and what I did on a day-to-day basis. By the end of the process, they went "uh-oh" and offered me a one-year contract to do my job.

        I refused, so in the end they had to hire four people just to do my job.

        All I can say is that when we were let go, we were all treated with respect and dignity. They rustled up recruiters and mandated that we sit through "interview" training, which included how to write CVs.

  4. Anonymous Coward

    https://www.sita.aero/pressroom/news-releases/sita-statement-about-security-incident/

    I wonder precisely what was pilfered, by whom and why?

    "SITA confirms that it was the victim of a cyber-attack, leading to a data security incident involving *certain passenger data* that was stored on SITA Passenger Service System (US) Inc. servers. Passenger Service System (US) Inc. (“SITA PSS”) operates passenger processing systems for airlines."

    ...

    "If you are the customer of an airline and have a Data Subject Access Request in relation to the handling of your personal data, *this request must be made directly to that airline* in accordance with GDPR and data protection legislation. SITA is unable to respond directly to any such request"

    1. yoganmahew

      SITA is almost out of the PSS business, it has wound down its multi-host platform and New Horizons seems not to have built much popularity. Based on the damage, I'd say it is alliance frequent flyer datasets that are routinely shared to provide good service. When you fly on one alliance airline (e.g. in Star or Oneworld), you can use your FF card on other members of the alliance and get points, upgrades, use of facilities and the like. Because the datasets are quite large and the systems are globally dispersed, typically they are copied locally and updated, erm, weekly? (It is, erm, 10 or more years since I was involved!). The lookup is to check validity and tier level.

      What interests me more is where the breach happened. The legacy systems pooh-poohed in the article are difficult to hack by their nature (they are poorly connected, have obtuse internals, and weird data formats - SITA PSS was Unisys), so my guess is it's a modern offload and probably a copy to an unsecured cloud bucket. For all the sneering at legacy, this modern stuff is shite.

  5. Anonymous Coward

    SITA down

    Sita down, I have some bad news....

    1. Anonymous Coward

      Re: SITA down

      Was Alitalia one of the affected?

  6. Yes Me Silver badge

    Down Under same as Up Top

    Air New Zealand sent out rather more text than Lufthansa. ANZ blames "a Star Alliance partner" rather than SITA. Lufthansa blames "a service provider of one of our Star Alliance partners". ANZ explicitly says "This data breach does not include any member passwords, credit card information or other personal customer data... There is no need to change your password or take any other action." Lufthansa is specific about the date of the breach: "Between 21.1. and 11.2.2021".

  7. yetanotheraoc

    Legacy tech

    "Compounding this problem is the industry’s reliance on legacy tech." Nope. The legacy tech was secure enough for its time. Actually what is compounding this problem is people wiring up the legacy tech to newfangled cloudy tech - with incorrect security or no security applied. The data wasn't stolen before because it wasn't accessible before. The data breach happened now because someone changed the ways of accessing it. And the problem is going to get worse, not better, because more and more of the "legacy" data is going to be modernized by moving the applications to some serverless, micro-service, cloud-enabled architecture, where the legacy data will be promptly left exposed in a bucket with no password at all.

    1. yoganmahew

      Re: Legacy tech

      Absolutely, but you forgot the "security is at the heart of everything we do" being in sprint 12 of 11 budgeted for...

    2. Doctor Syntax Silver badge

      Re: Legacy tech

      It makes you wonder just how much further things will have to go before the brakes get slammed on in the realisation that "security" is something more than just a word in PR statements.
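Following on from the "legacy data left exposed in a bucket" point in the thread above, here is an added example that is not part of the original thread, the article, or any SITA or airline code. It is a small offline audit of the two ways an object-storage bucket becomes world-readable: an anonymous-principal bucket policy and a public-group ACL grant. It is modelled on the S3 bucket policy and ACL JSON formats and on the documented S3 Block Public Access semantics (RestrictPublicBuckets neutralises a public policy, IgnorePublicAcls neutralises public ACL grants). The bucket name, the policies, the ACL and the VPC endpoint ID are all constructed for illustration; the choice to leave `Principal: "*"` statements that carry a Condition for manual review rather than flag them as public is a design assumption of this example.

```python
# Added example: offline check for world-readable object-storage configuration.
# Not code from the page, from SITA or from any airline. All sample data below
# (bucket name, policies, ACL, VPC endpoint ID) is constructed for illustration.
import json

# AWS canned-group grantees that make an ACL grant public.
PUBLIC_ACL_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def _as_list(value):
    """Policy fields may be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_anonymous(principal):
    """True for Principal "*" or {"AWS": "*"} (also when "*" sits inside a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def public_policy_statements(policy):
    """Return Allow statements that grant an anonymous principal access with no Condition.

    Assumption of this example: a Condition (e.g. aws:SourceVpce, aws:SourceIp) can
    scope "*" down, so such statements are left for manual review, not reported here.
    """
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_anonymous(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            continue
        findings.append({"sid": stmt.get("Sid"), "actions": _as_list(stmt.get("Action"))})
    return findings


def public_acl_grants(acl):
    """Return ACL grants made to the AllUsers / AuthenticatedUsers groups."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_ACL_GROUPS:
            findings.append({"group": grantee["URI"].rsplit("/", 1)[-1],
                             "permission": grant.get("Permission")})
    return findings


def audit_bucket(name, policy, acl, public_access_block):
    """Combine both checks with the Block Public Access settings.

    The misconfiguration is always reported so it can be cleaned up; "exposed"
    says whether it is actually reachable given the Block Public Access flags.
    """
    policy_findings = public_policy_statements(policy)
    acl_findings = public_acl_grants(acl)
    pab = public_access_block or {}
    policy_effective = bool(policy_findings) and not pab.get("RestrictPublicBuckets", False)
    acl_effective = bool(acl_findings) and not pab.get("IgnorePublicAcls", False)
    return {"bucket": name, "public_policy": policy_findings,
            "public_acl": acl_findings, "exposed": policy_effective or acl_effective}


# Constructed sample: a "modernised" copy of a partner-lookup dataset dropped in a bucket.
OFFLOAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "LegacyOffloadRead", "Effect": "Allow", "Principal": "*",
                   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-ffp-offload/*"}],
}
# Same grant, but scoped to a (constructed) VPC endpoint: left for review, not flagged.
VPC_ONLY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "VpcEndpointOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
                   "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-ffp-offload/*",
                   "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}}],
}
PUBLIC_READ_ACL = {"Grants": [{"Grantee": {"Type": "Group",
                                           "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
                               "Permission": "READ"}]}
NO_PAB = {"BlockPublicAcls": False, "IgnorePublicAcls": False,
          "BlockPublicPolicy": False, "RestrictPublicBuckets": False}
FULL_PAB = {key: True for key in NO_PAB}


def demo():
    """Three audits: wide open, same config behind Block Public Access, VPC-scoped policy."""
    return [audit_bucket("example-ffp-offload", OFFLOAD_POLICY, PUBLIC_READ_ACL, NO_PAB),
            audit_bucket("example-ffp-offload", OFFLOAD_POLICY, PUBLIC_READ_ACL, FULL_PAB),
            audit_bucket("example-ffp-offload", VPC_ONLY_POLICY, {"Grants": []}, NO_PAB)]


if __name__ == "__main__":
    for result in demo():
        print(json.dumps(result, indent=2))
```

The first audit is the scenario the thread describes: a public-read policy plus an AllUsers ACL grant and no Block Public Access, so the dataset is reachable by anyone with the URL. The second shows why enabling all four Block Public Access flags at the account level is the cheap safety net: the bad policy and ACL are still reported for cleanup, but nothing is reachable. The third is why a scanner should not simply grep for `"Principal": "*"`; a Condition can legitimately narrow it, and those statements deserve a human look rather than an automatic alarm.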

  8. tiggity Silver badge

    dubious quote

    "The total period during which the cyber-attacker(s) were able to access SITA’s systems was less than a month.

    By global and industry standards, this cyber-attack was identified extremely quickly."

    That seems a long time and slow detection to me, based on the "Between 21.1. and 11.2.2021" Lufthansa line.

    Not sure what industry standards they are referring to, maybe it's the DGAF-about-security industry.

Biting the hand that feeds IT © 1998–2021