Following the Malaysia Airlines data breach earlier this week, Singapore Airlines frequent flyer members are hit in another third-party data security breach. Passenger data for 580,000 Singapore airlines frequent flier members has been compromised. Both this breach and the one affecting Malaysia Airlines appear to stem from a cyberattack launched against air transport communications and IT vendor, SITA — one of the largest aviation IT companies in the world, SITA serves roughly 90% of the world’s airlines.
In a statement, SITA explained that the breach came as the result of a highly sophisticated account and that they were still investigating how compromised systems were successfully broken into. Compromised data from Singapore Airlines is reported to have been limited to membership number and tier status, with membership names also illegally accessed in certain cases.
Boris Cipot, Senior Security Engineer, Synopsys Software Integrity Group weighs in on the incident. “The most concerning aspect of this data breach is the broad scope of the attack. In this case, the breach did not happen as a direct attack on Singapore Airlines, but as a breach to their IT provider. A lesson which organisations can take away from this scenario is to create security rules and procedures, not only for internal stakeholders but also for their partners in the supply chain. This means taking the software and service provider processes into consideration when discussing a partnership and defining what security measures will be implemented.”