Global air transport data giant SITA has confirmed a data breach involving passenger data. The company said in a brief statement on Thursday that it had been the “victim of a cyberattack,” and that certain passenger data stored on its U.S. servers had been breached. The cyberattack was confirmed on February 24, after which the company contacted affected airlines.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
<p>While it appears that the only information accessed in the breach are names and membership numbers, KrisFlyer and Singapore Airlines customers will still want to keep an eye on such things as the statistics on their loyalty program information and frequent flyer miles. </p> <p> </p> <p>It\’s possible that the hackers could match up customer names with email addresses and cell phone numbers that they already possess, and may use the information to send out phishing emails and texts, which means affected users will want to keep an eye out for such attempts.</p>
<p>Thankfully the perpetrators of this breach don’t seem to have accessed any personal data other than names and membership numbers. Whilst this will still be a concern for those customers involved, SITA appears to have a robust incident response plan in place for their protection. The vital take-away for operators here is that your supply-chain needs just as much protection as your core business. Data-sharing is a fundamental part of the modern business practice but any enterprise should require and validate data security protocols for all of their suppliers, subsidiaries and any other associated companies. A breach in the chain can happen anywhere but if it’s your chain, it’s your reputation.</p>
<p>Airline loyalty programs and frequent flyer miles are a common target for cybercriminals, who can redeem them to get gift cards or make purchases at local retailers. Some points are also resold on the grey web to mileage brokers. I wrote an article examining airline miles being sold on the dark web in 2018: <a href=\"https://u7061146.ct.sendgrid.net/ls/click?upn=4tNED-2FM8iDZJQyQ53jATURsk-2F39fwP3qbh8Kg68kzpWJiZX5GEz3mMlvs-2FtZq-2BwV6i3yB0jqWMq2WJyMYMSlCY0viTjcQl1zVqpuO4BEjXwZsNRACJxoikRL0IyVeL8XODMTlTeLg6fGolZpYduQUhPfn67wjDm5EnpaMdRCK1M-3DT6cz_S3RA1gMvL7v1TdZrqvF2X48vY2LyH9KYdxKxBaPFp6Fl1TEEsXDQbgk-2FWPw9Ah5nwh5z3HPLIw79cePUeHvYGTO5AKaXxfXA6PdkmD9nZzOoTnHFT1UG5oGB72ysmgMLvtFIiUrJZj29jC-2FG9TqG8rE032Nwk-2FJCmTNHgGUndA7F-2FtzABPHuFSjpbM1UZPC79YTqceWOQll2HaiN66cl4JUyBiKlQn1HYFMT75TGKwAPw8hYC6t-2FhmdWM6Bowr6-2B6u3aHF3Dw0CQdNx-2BDfF3KMtt727R3MVKpOHwLM0k61bKc3P9NDwvz3p0e62FPblErla8tChmUBJLcGkIh1zmy6rrdcyEEaV5D9USgfT7b61SVcPDfVkFu9A8a1b-2BuBmM\" target=\"_blank\" rel=\"noopener noreferrer\" data-saferedirecturl=\"https://www.google.com/url?q=https://u7061146.ct.sendgrid.net/ls/click?upn4tNED-2FM8iDZJQyQ53jATURsk-2F39fwP3qbh8Kg68kzpWJiZX5GEz3mMlvs-2FtZq-2BwV6i3yB0jqWMq2WJyMYMSlCY0viTjcQl1zVqpuO4BEjXwZsNRACJxoikRL0IyVeL8XODMTlTeLg6fGolZpYduQUhPfn67wjDm5EnpaMdRCK1M-3DT6cz_S3RA1gMvL7v1TdZrqvF2X48vY2LyH9KYdxKxBaPFp6Fl1TEEsXDQbgk-2FWPw9Ah5nwh5z3HPLIw79cePUeHvYGTO5AKaXxfXA6PdkmD9nZzOoTnHFT1UG5oGB72ysmgMLvtFIiUrJZj29jC-2FG9TqG8rE032Nwk-2FJCmTNHgGUndA7F-2FtzABPHuFSjpbM1UZPC79YTqceWOQll2HaiN66cl4JUyBiKlQn1HYFMT75TGKwAPw8hYC6t-2FhmdWM6Bowr6-2B6u3aHF3Dw0CQdNx-2BDfF3KMtt727R3MVKpOHwLM0k61bKc3P9NDwvz3p0e62FPblErla8tChmUBJLcGkIh1zmy6rrdcyEEaV5D9USgfT7b61SVcPDfVkFu9A8a1b-2BuBmM&source=gmail&ust=1615452870925000&usg=AFQjCNFw2Q54dDj5EHoaAdUTYQnTOeMv0w\">https://www.comparitech.<wbr />com/blog/information-security/<wbr />how-much-are-stolen-frequent-<wbr />flyer-miles-worth-on-the-dark-<wbr />web/</a></p> <p> </p> <p>Prices averaged $0.015 per mile, much lower than the real-world market price.</p>
<p><span lang=\"EN-US\">The </span><span lang=\"EN-US\">most concerning aspect of </span><span lang=\"EN-US\">this data breach is the broad scope of the attack. In this case, the breach did not happen as a direct attack on Singapore Airlines, but as a breach to their IT provider. </span><span lang=\"EN-US\">A lesson which o</span><span lang=\"EN-US\">rganisations </span><span lang=\"EN-US\">can take away from this scenario is</span><span lang=\"EN-US\"> to create security rules and procedures, not only for internal stakeholders but also for their partners in the supply chain. This means taking the software and service provider processes into consideration when discussing a partnership and defining what security measures will be implemented.</span></p>
<p>As Singapore Airlines is currently experiencing, businesses are only as secure as least secure supplier. As this attack has shown, when one company is compromised it can have a domino effect. Being able to share information quickly and easily gives organisations a competitive edge, but that means it is even more important that we foster a culture of responsibility securing data through the entire supply chain. It’s not clear yet what the attack vector was in the SITA breach, but HackerOne vulnerability data shows that the aviation and aerospace industry sees more privilege escalation and SQL injection vulnerabilities than any other industry, accounting for 57% of the vulnerabilities reported to these companies by ethical hackers.</p> <p> </p> <p>SITA would be an attractive target for criminals due to the sensitive nature of the information they hold – names, addresses, passport data. We’ve seen the aviation industry particularly hard hit over the past year, perhaps because criminals know they will be vulnerable and their focus and priorities on remaining in business, however, traditional enterprises like airlines have always been an attractive target since few are digital first businesses and therefore have relied on legacy software, which is more likely to be out of date or have existing vulnerabilities that can be exploited.</p>