Star Alliance data breach impacts huge number of airline passengers

A data breach involving a third-party system provider behind the Star Alliance of airlines has exposed some information on hundreds of thousands of airline passengers, potentially including customer names and MileagePlus numbers. The leaked information won't allow unauthorized individuals to access passengers' accounts, however.

The data breach was confirmed by Sita, which said that a 'data security incident' took place that involved the SITA Passenger Service System servers, which operates the processing systems for Star Alliance airlines like United. Sita alerted the Star Alliance airlines, which have since advised their customers of the data incident.

SITA describes the data breach as 'a highly sophisticated attack,' noting that it 'took immediate action' after learning about the incident on February 24. The company's Security Incident Response Team is working with third-party industry experts to investigate the matter.

In its statement, Sita said:

We recognize that the COVID-19 pandemic has raised concerns about security threats, and, at the same time, cyber-criminals have become more sophisticated and active. This was a highly sophisticated attack. SITA acted swiftly and initiated targeted containment measures.

United, one of the Star Alliance airlines, has alerted its customers to the matter by email, noting that passwords and personal information — aside from customer names — weren't exposed. As part of its email, United explained:

We have strong cyber security measures in place to protect your personal data, and both United and Star Alliance have reviewed our own systems and found no indications that they have been compromised in connection with this incident.