A frequent flyer program database has been breached, giving hackers access to the name, account number, and elite level of all members in all Star Alliance frequent flyer programs, according to notices provided by Singapore Airlines, Lufthansa and Air New Zealand. oneworld account data has also been breached, according to notices provided by Cathay Pacific and Finnair.
Here’s the message sent by Singapore Airlines,
SITA, an information technology company providing passenger service systems, has informed Singapore Airlines of a data security breach involving their passenger service systems’ (SITA PSS) servers. While Singapore Airlines is not a customer of the SITA PSS, another Star Alliance member airline is.
All Star Alliance member airlines provide a restricted set of frequent flyer programme data to the alliance, which is then sent on to other member airlines to reside in their passenger service systems. This data transfer is necessary to enable the verification of membership tier status, and to accord to member airlines’ customers the relevant benefits while travelling.
As a result, SITA has access to the restricted set of frequent flyer programme data for all 26 Star Alliance member airlines including Singapore Airlines.
Some of our members were affected by the breach of the SITA PSS server. The impacted data is limited to the members’ KrisFlyer membership number and tier status and, in some cases, membership name, which is the full extent of the frequent flyer data set Singapore Airlines shares with other Star Alliance member airlines for this data transfer.
Specifically, this data breach does not involve KrisFlyer membership passwords, credit card information, and other customer data such as itineraries, reservations, ticketing, passport numbers, and email addresses as SIA does not share this information with other Star Alliance member airlines for this data transfer.
We are contacting you to inform you that your KrisFlyer data was not impacted by this breach of the SITA PSS server. Your KrisFlyer miles balance was also not compromised.
We would also like to reassure you that none of Singapore Airlines’ IT systems have been affected by this incident.
The protection of our customers’ personal data is of utmost importance to Singapore Airlines. We will work with our partners to review the current procedures, and take all necessary steps to improve data security.
It appears the breach was of the SITA passenger service system. There may be additional information stolen beyond just account number and status, but it’s likely limited to things like meal and seat preferences.
Strikingly no U.S. airline that I’m aware of has notified customers of the possibility that their information has been breached.