SITA, a communications and IT vendor for 90% of the world’s airlines, has been breached. Passenger data stored on the company’s U.S. servers has been compromised.
Malaysia Airlines sent out an email to their frequent flyer members informing them that there’s “no evidence” their personal data has been misused but that is highly unlikely.
It was breached in March of 2010 and wasn’t discovered until June 2019. Thousands of members’ personal data, including name, date of birth, gender, contact information, ID number, status, and tier level was left unprotected.
Malaysia Airlines official Twitter account @MAS offered an explanation in a Mar. 1 response to a user. “…The data security incident occurred at our third-party IT service provider and not Malaysia Airlines’ computer systems.” the airline’s account responded. “However, the airline is monitoring any suspicious activity concerning its members’ accounts and in constant contact with the affected IT service provider to secure Enrich members’ data and investigate the incident’s scope and causes.”
A second tweet stated “Kindly note that Malaysia Airlines has no evidence that the incident affected any account passwords. We nevertheless encourage members to change their passwords as a precautionary measure. We are monitoring any suspicious activity concerning its members’ accounts and we are in constant contact with the affected IT service provider to secure Enrich members’ data and investigate the incident’s scope and causes.”
The airline could face regulatory repercussions since the high-profile 2014 disappearance of Malaysia Air 370 was within that timeframe.
There are no reports of how many total customers were affected by the breach due to confidentiality reasons, but Singapore Airlines reported more than 580,000 customers were impacted, which ultimately equates to millions of users.
Airline members of the Star Alliance, including Lufthansa, New Zealand Air, Singapore Airlines, along with OneWorld members Cathay Pacific, Finnair, Japan Airlines, and Malaysia Air, and South Korean airline Jeju Air’s passenger data was also compromised.
The breach is in a long list of recent attacks on third-party supply-chain providers to target larger organizations. The most well-known is the SolarWinds breach of the U.S. government, and there are also the global zero-day attacks on users of the Accellion legacy File Transfer Appliance product.
This is a reminder that IT teams need to evaluate the security of all third-party vendors that have access to their systems. A full security assessment should be completed each time a new partner is brought into an organization’s fold. Your security software should allow for real-time, constant monitoring.
David Wheeler, director of open-source supply-chain security at the Linux Foundation, explained during a recent Threatpost webinar on how to lock down the supply chain that security-savvy IT pros should start asking for a software bill of materials, before using any third-party solution. This will ensure that the platform has been written securely with reliable code.
Threatrix ThreatCenter reduces supply chain risk by reporting on risk factors associated with your open supply chain dependencies, providing actionable response gating the use of high-risk components.