SITA, IT vendor for 90% of the world’s airlines was hacked. Data of Luthansa, New Zealand Air, Singapore Airlines, Cathay Pacific, Finnair, Japan Airlines among others was leaked

What just a few days ago was a rumor has just been confirmed. The systems of SITA, a provider of communication and it services that collaborates with more than 90% of airlines worldwide, were compromised in what the company identified as a “sophisticated cyberattack.” According to Edna Ayme-Yahil, the company’s spokesperson, the affected servers belong to the Atlanta-based SITA PSS Passenger Service System (SITA PSS).

Although the company representative mentioned that it cannot give further details so as not to compromise the ongoing investigation, a recent Singapore Airlines report mentions that at least 580,000 of its passengers may have been affected: “Each airline has been informed about the exact number of users affected, in addition to the type of information compromised,” Yahil added.

All affected airlines are members of the Star Alliance, so these companies have already begun notifying their customers about this incident, which most likely involves confidential information.

On the affected systems, the spokesperson mentioned that these implementations allow airlines to manage information from their frequent flyer programs: “SITA PSS stores information from Star Alliance airlines so that other non-organization airlines can have relevant information.”

While the nature of the compromised data remains a mystery, cybersecurity experts believe this information can be highly valuable to cybercriminals: “Cybersecurity incident statistics involving information extracted from airlines show that these attacks can have disastrous consequences for affected users,” a recent hackerOne report says.

Shlomie Liberow, hackerone’s security architect, says: “The aviation industry has been particularly affected by cybersecurity incidents in recent months. However, it is important to note that these organizations have always been an attractive target for malicious hackers given the kind of information they manage on their systems.”

Since the severe incident at SolarWinds, hackers have discovered how productive an attack on an organization’s supply chain can be to achieve accelerated engagement. Another recent incident affected dozens of organizations working with Accellion FTA file transfer software, exposed to the exploitation of a zero-day flaw in the interception of confidential information.

The cybersecurity community believes that ideally in the face of this new variant of attacks is to change focus to implement better security mechanisms in third-party solutions used by large companies, thus preventing campaigns against products such as Accellion or SolarWinds Orion.