Data of hundreds of thousands of passengers stolen in SITA data breach

SITA, an IT systems provider for much of the aviation industry, recently encountered a cyberattack described as “highly sophisticated”, which provoked a leak of passenger data from its servers at the end of February. The SITA data breach was monumental in scale, affecting hundreds of thousands of customers across several notable airlines.

Affected airlines included those under the Star Alliance group, such as Lufthansa and Singapore Airlines. It also included British Airways, which is currently the subject of our group action following two seismic data breaches in 2018.

The travel industry has long been targeted by cybercriminals. Examples include the Marriott data breach and the easyJet data breach, so it is unsurprising that hackers have sought to steal further information by attacking a company that serves so much of the global aviation industry. The breach is not believed to have exposed any highly sensitive data, but it must act as a wake-up call to airlines and other travel companies. The sector must now look to protect data from an incoming wave of sophisticated cyberattacks.

SITA data breach – in summary

The SITA data breach incident reportedly came to light on 24th February, when the company became aware of a significant cyberattack which, according to a statement, was quickly contained. SITA provides passenger processing services to many airlines across the globe, so its relevant clients were notified, and these airlines have also notified known affected passengers.

The data breach is understood to be of “low risk”, given that the exposed information is said to include data related to frequent flyers, comprising of names, tier statuses and membership numbers. No financial, identity or contact information was put a risk by the cyberattack, it is understood.

British Airways issued a statement to that effect in an email to customers, in which it was stressed that SITA does not have access to their passengers’ personal and financial details. For BA customers, it is asserted that the SITA data breach has only affected some passenger names and flight preferences.

Data security and Covid-19

Addressing the security issues brought to the fore by the coronavirus pandemic, SITA made the following statement:

“We recognise that the Covid-19 pandemic has raised concerns about security threats, and, at the same time, cyber-criminals have become more sophisticated and active. This was a highly sophisticated attack.”

The statement undoubtedly raises concerns about the ability of SITA and other travel companies to protect their systems from more advanced and elaborate hacks, which cybercriminals are now developing at an ever-faster rate. While the travel industry continues to be a prime target for cybercriminals, companies cannot afford to lag behind, and they must optimise their security provisions as a matter of urgency.

Travel industry data breach claims

The SITA data breach is by no means an isolated incident for the travel industry. As a leading data breach law firm, we are currently leading group actions against several major companies, including travel companies like Marriott, easyJet and British Airways. In fact, we currently sit on the Steering Committee for the British Airways action, which is the first GDPR Group Litigation Order in England and Wales.

Anyone affected by a data breach may be entitled to claim compensation, so contact us for free, no-obligation advice if you think you may have a claim to make. We may be able to represent you for a claim on a No Win, No Fee basis today.