Singapore Airlines Suffers Supply Chain Attack

According to ZDNet, data belonging to 580,000 Singapore Airlines’ frequent flyer members have been compromised in a cybersecurity attack that originally hit air transport communications and IT vendor, SITA. The incident marks the second time in a week that an airline has reported a data breach, which appears also to be the result of the attack targeting SITA.

Supply Chain Attack Target Singapore Airlines

While not a customer of SITA, Singapore Airlines (SIA) had shared a “restricted” set of data as a member of the Star Alliance group, the airline said in a statement late Thursday. This was necessary to facilitate verification of membership tier status and provide customers of other member airlines with the relevant benefits while they travelled. Such data would reside on the passenger service systems of member airlines, SIA said. The national carrier did not specify when it was informed by SITA about the breach, which impacted the latter’s passenger service system servers.

One member of Star Alliance had used this SITA system. The international airline alliance has 26 members, including Air Canada, United Airlines, and Lufthansa. Affected SIA customers were members of its KrisFlyer as well as higher tier PPS frequent flyer programme, the airline said, adding that compromised data was limited to the membership number and tier status, though, there were some instances in which membership name also was illegally accessed. The data leakage was relatively contained because these were the only details shared with the Star Alliance group.

“Specifically, this data breach does not involve KrisFlyer and PPS member passwords, credit card information, and other customer data such as itineraries, reservations, ticketing, passport numbers, and email addresses,” the Singapore carrier said. “We would also like to reassure all customers that none of SIA’s IT systems have been affected by this incident.”

On its part, SITA released a statement on its website confirming the security breach was the result of “a highly sophisticated attack”. It said it ascertained the “seriousness” of the incident on February 24, after which it took “immediate action” to inform all affected customers. Adding that it deployed “targeted” containment measures, SITA said its security incident response team was investigating the breach alongside external cybersecurity experts.

Supply chain attacks have been a threat actor’s best friend lately. IT vendors, like SITA, service many different organizations and have direct connections to them. If you’re an organization utilizing these services, it’s important to understand the risk that comes along with them.

The SolarWinds Breach is a prime example of a supply chain attack at the highest level. Although most IT vendors probably have a smaller list of clients, it’s still vital you’re protected by a digital forensics team that can monitor your network for malicious threats. SpearTip’s experts understand the risk involved with third-party vendors and have specifically created a security solution to mitigate it.

SpearTip’s cyber professionals continuously monitor environments 24/7 in our US-based Security Operations Center. Our certified engineers work in unison with our proprietary endpoint detection and response tool, ShadowSpear®. This allows your organization to have direct communication with our engineers at any moment and a completely transparent view of your risk profile.

If you are experiencing a breach, please call our Security Operations Center at 833.997.7327.