Around 580,000 Privilege Fliers Data Breached, says Singapore Airlines

 

Around 580,000 privilege fliers, KrisFlyer and PPS members have been affected by an information breach, Singapore Airlines (SIA) has said. The information breach includes the passenger service system servers of SITA, an air transport data technology organization, as indicated by the Channel News Asia report.

"While SIA is not a customer of the SITA PSS, this breach of the SITA PSS server has affected some KrisFlyer and PPS members," the national carrier said on Thursday. SIA added that this information breach explicitly doesn't include KrisFlyer and PPS member passwords, credit card data, and other client information like itineraries, reservations, ticketing, passport numbers, and email addresses. 

Such data isn't imparted to other Star Alliance member airlines for this information transfer, the airline said. All-Star Alliance member airlines give a confined set of frequent flyer programme information to the alliance, which is then sent on to other member airlines to reside in their respective passenger service systems. SIA said this information transfer is important to empower verification of the membership tier status. 

One of the Star Alliance member airlines is a SITA PSS client. Subsequently, SITA has access to the restricted set of frequent flyer programme information for each of the 26 Star Alliance member airlines including Singapore Airlines. "The information involved is limited to the membership number and tier status and, in some cases, membership name, as this is the full extent of the frequent flyer data that Singapore Airlines shares with other Star Alliance member airlines for this data transfer," said SIA. 

SIA said none of its IT systems have been affected by the breach and that they are contacting all KrisFlyer and PPS members to inform them about the incident. "The protection of our customers' personal data is of utmost importance to Singapore Airlines, and we sincerely regret the incident and apologize for the inconvenience caused." SITA affirmed in a different statement that it was the "victim of a cyber-attack" which prompted the information security incident. In the wake of affirming the seriousness of the incident on February 24, SITA said it made a prompt move to contact the affected SITA passenger service system customers and all related organizations.