Star Alliance, Oneworld airlines' frequent flyers hit by data breach

The hack of a company that manages ticket-processing and frequent-flyer data for major global airlines — including Star Alliance and OneWorld members — has compromised the personal data of an unspecified number of travellers.

The hackers were able to access some computer systems at Atlanta-based SITA Passenger Service System for up to a month before the incident's seriousness was confirmed on February 24, a spokesman for the company's Geneva-based parent company said.

The spokesman, Sandro Hofer, would not say how many airlines were affected — SITA says it serves more than 400 and is industry-owned. The company said that Singapore Airlines, New Zealand Air and Lufthansa were among those affected.

"The extent to which (frequent flyer alliances') individual airlines were affected varies from airline to airline," SITA said in a statement.

It said Malaysia Airlines, Finnair, Japan Airlines, Cathay Pacific had either issued statements or reached out to frequent-flyer members about the hack.

United Airlines said separately that the only customer data potentially accessed were names, frequent-flyer numbers and program status. It recommended in an email that frequent-flyer customers should change their account passwords "out of an abundance of caution."

Singapore Airlines' sent a message to its KrisFlyer members stating that the breach "is limited to the members' KrisFlyer membership number and tier status and, in some cases, membership name, which is the full extent of the frequent flyer data set Singapore Airlines shares with other Star Alliance member airlines for this data transfer."

It did not include "membership passwords, credit card information, and other customer data such as itineraries, reservations, ticketing, passport numbers, and email addresses as SIA does not share this information with other Star Alliance member airlines for this data transfer," the statement said.

Air New Zealand also issued a statement to its AirPoints members stating that details of passwords, credit cards and other information were not affected by the breach.

SITA provides IT services for the airline industry, including passenger travel planning and booking, airport operations and security, baggage, aircraft connectivity and in-flight cabin and cockpit operations. It first announced the breach on Thursday.

with AP