Data of 580,000 SIA customers leaked in security breach

But passwords, credit card info not compromised in cyber attack on external firm, airline says

Members of Singapore Airlines' KrisFlyer and PPS Club reward programmes have had their membership numbers, tier status and, in some cases, membership names compromised. The data breach originated from air transport information technology firm Sita.
Members of Singapore Airlines' KrisFlyer and PPS Club reward programmes have had their membership numbers, tier status and, in some cases, membership names compromised. The data breach originated from air transport information technology firm Sita.LIANHE ZAOBAO FILE PHOTO

About 580,000 Singapore Airlines (SIA) customers have been affected by a data leak at an external firm.

SIA said in a statement yesterday that members of its KrisFlyer and PPS Club reward programmes have had their membership numbers, tier status and, in some cases, membership names compromised.

It said, though, that the breach did not involve the members' passwords or credit card information. There was also no leak of itineraries, reservations, ticketing information, passport numbers, and e-mail addresses.

A spokesman for the airline said: "It is not possible for someone to access any confidential customer data or their miles with only the leaked information."

SIA said the data breach originated from air transport information technology firm Sita.

The carrier is not a customer of Sita's passenger service system.

But all members of the Star Alliance group of airlines, which SIA is part of, provide a set of frequent flier programme data to the alliance.

One of the group's 26 member airlines is a Sita customer, which resulted in Sita getting access to the data from the other alliance members.

SIA said: "All Star Alliance member airlines provide a restricted set of frequent flier programme data to the alliance, which is then sent on to other member airlines to reside in their respective passenger service systems.

"This data transfer is necessary to enable verification of the membership tier status, and to accord to member airlines' customers the relevant benefits while travelling."

SIA is contacting all customers to let them know if they are affected.

The airline said it will also review current procedures and take all necessary steps to improve data security.

Sita said in a separate statement that it was hit by a highly sophisticated cyber attack that affected certain data stored on its passenger service system servers.

It had confirmed "the seriousness of the data security incident" on Feb 24.

"The matter remains under continued investigation by Sita's security incident response team, with the support of leading external experts in cyber security," it added.

A version of this article appeared in the print edition of The Straits Times on March 05, 2021, with the headline 'Data of 580,000 SIA customers leaked in security breach'. Subscribe