A security breach at the technology company SITA has compromised passenger data at numerous global airlines.
The breach occurred at servers in Atlanta that hold data for SITA's Horizon Passenger Service System, which is used by airlines to manage ticketing and reservations. SITA is among the largest IT providers in the passenger airline ecosystem.
In a statement, SITA spokeswoman Edna Ayme-Yahil declined to say how many airlines have been impacted by the breach. The company also didn't provide many details on the type of data compromised, but it did note that the data includes some personal data of airline customers, including frequent flyer account data.
Related report: Latest targets of fraudsters are hotel and airline loyalty points
"Each affected airline has been provided with the details of the exact type of data that has been compromised, including details of the number of data records within each of the relevant data categories," Ayme-Yahil said.
So far, Singapore Airlines, Air New Zealand, Lufthansa, Malaysia Airlines, Finnair, Japan Airlines, Cathay Pacific and South Korea's Juju Air have independently disclosed impact from the breach, she noted.
Some of those airlines aren't direct customers of the SITA Passenger Service System. However, the breach has filtered through the Star and Oneworld alliances, which was able to occur because airlines within alliances share frequent flyer information so that they can provide reciprocal loyalty accruals, redemptions and privileges.
Star Alliance member Singapore Airlines, for example, said that 580,000 members of its KrisFlyer and PPS loyalty program have had data exposed by the breach, even though the carrier is not a SITA Passenger Service System customer.
Singapore said the breech does not involve credit card information or data such as itineraries, passport numbers and email address.
"The information involved is limited to the membership number and tier status and, in some cases, membership name, as this is the full extent of the frequent flyer data that Singapore Airlines shares with other Star Alliance member airlines for this data transfer," the airline said.
Star Alliance member Lufthansa said 1.35 million Miles and More members have been impacted by the breach. Member names and status level were exposed, but not passwords or email addresses.
Tomi Pienimaki, chief digital officer for Oneworld member Finnair, said approximately 10% of that carrier's loyalty customers have been targeted.
"To be honest, I was not surprised in itself that the air industry was subjected to such an attack, because the industry is in a difficult situation and therefore vulnerable," he wrote in a LinkedIn post. "Once we have been informed, all we have to do is clarify the matter and ensure the integrity of our own systems day and night."
Pienimaki speculated that many more airlines than have thus far made statements have been impacted.
On its website, SITA says it provides IT solutions to more than 2,500 airlines, airports, ground handlers and governments, impacting 95% of global destinations.
SITA called the cyberattack, "highly sophisticated."
"SITA acted swiftly and initiated targeted containment measures," the company said. "The matter remains under continued investigation by SITA's Security Incident Response Team with the support of leading external experts in cybersecurity."