In early 2021, Sita, a supplier of IT systems for the airline industry, started informing airlines using its passenger service system that their frequent flyer programme data could have been exposed.
As it turned out, the passenger service system, which airlines use to send data of frequent flyers to other airlines in the same alliance so that they can accord benefits to their customers, was compromised by a highly sophisticated cyber attack.
Singapore Airlines was one of the affected airlines even though it did not use the Sita system. That’s because it provided the data of its frequent flyer members to a Star Alliance airline that was using the affected system, exposing information such as membership numbers, tier status, and in some cases, member names.
While airline alliances bring benefits such as network effects that enable airlines to fly their customers to more destinations, the interconnectivity between their systems also attracts cyber criminals looking to exploit the weakest links through supply chain attacks. These links can also take the form of popular third-party systems that many organisations use to run their IT operations.
One such system is the…
