Singapore Airlines (SIA) is the latest victim of a supply chain attack on the passenger service system of Sita, a provider of IT systems for the aviation industry.
SIA, a member airline of the Star Alliance, provides the alliance A limited set of frequent flyer program data is available, which is then sent to other member airlines to reside in their respective passenger service systems.
This data transfer is necessary in order to verify the membership level of a customer and to provide the customers of the member airlines with the relevant benefits while SIA is not a customer of the Sita passenger service system, one of the Star Alliance member airlines provides frequent flyer program data for all 26 member airlines, including Singapore Airlines.
According to the SIA, around 580,000 KrisFlyers and its high-ranking PPS members (Priority Passenger Ser vice) affected by the Sita injury. The information is limited to the membership number and status of the tier, and in some cases the membership name.
The airline said this data breach did not include KrisFlyer and PPS member passwords, credit card information and other customer data such as travel routes, Reservations, tickets, passport numbers and e-mail addresses, as SIA did not share this information with other Star Alliance members, airlines.
It was stressed that none of its IT systems were affected by this incident and are currently on All KrisFlyer and PPS members turned to inform them of the incident.
In addition to SIA, Malaysia Airlines, Finland’s Finnair and South Korea’s Jeju Air were reportedly affected by the attack, which Sita said was the work of sophisticated threat actors.
In a statement, Sita said she acted quickly and put in place targeted containment measures. « The matter is still being investigated by the Sita incident response team with the assistance of leading outside cybersecurity experts, » he added.
Vulnerabilities in the supply chain are common after the SolarWinds network management software attack Leaving large corporations and governments in the limelight.
« Complex global supply chains provide a criminally intentional individual with many vulnerabilities that can be tested in pursuit of a compromising system, » said Sanjay Aurora, chief executive officer of APAC at Darktrace. </ "These attacks are virtually undetectable with standard security tools and procedures because the malicious software is packaged as legitimate in your own laptop or software that you would normally have relied on and into the heart from trusted vendors Your business is being delivered, "he said.
In the face of this awake Send Threat Landscape said Aurora the challenge that organizations urgently need to face is not auditing all of their suppliers, but managing the ubiquitous risk that suppliers from around the world bring.
« Because of this, pursue Nowadays, more and more companies have a zero trust policy, both in terms of their internal environment and in terms of their supply chain. They rely on cutting-edge technologies like artificial intelligence to identify and stop cyber attacks wherever they occur, « he added.
This e-guide explores the links between ransomware attacks, data breaches and identity theft First, Nicholas Fearn researches the phenomenon of the double blackmail attack and gives some inside advice on how to stop it, while we explore the top five ways backups can protect against ransomware in the first place.
By submitting my email Email address, I confirm that I have read and accept the terms of use and consent form.
The tech industry has made some strides in improving gender diversity in recent years, but people with color and women with color,. ..
In an AI-powered digital economy, data transparency is the new currency what IT managers need to do to instill trust and …
While RPA has several advantages in the company, there are also some disadvantages. According to experts, these are the best …
Instead of patchwork security fixes, financial firms need to leverage automation, create and deploy secure software, and …
To adapt to security challenges such as remote working and increasingly complex threats , Microsoft is building in …
The new threat analysis functionality of Microsoft 365 Defender includes incremental reports on attacks, vulnerabilities and much more.
Cisco has announced that it will sell and support Acacia’s optical networking products separately. Cisco will continue to …
Companies that want to ensure proficient network security strategies should consider how to implement penetration testing …
In a perfect world, Wi-Fi 6 could bring several benefits to corporate networks. But real conditions could change the …
CRAC / CRAH hardware updates make data center cooling more efficient. And these new systems are easier for administrators to maintain and …
New Red Hat tools and integrated system offerings enable IBM Power users to run workloads in multiple cloud environments.
Private cloud deployments require a variety of skills to run smoothly on any infrastructure. Expand your technical knowledge with …
Blockchain isn’t just for cryptocurrency. The technology can be an additional layer of security and authenticity that …
The head of a young open source database company explains why the provider is collecting new money as a demand for clouds …
Data warehouses are not a new part of the data pipeline, but analyst roles in managing the repository are growing. Here’s a look …
All rights reserved,
Copyright 2000-2021, TechTarget
Privacy Policy
Cookie settings
Do not sell my personal information
Ref: https://www.computerweekly.com