Cyber Stories: Airline Data Hack



Written by


Although it is too early to know the details of exactly how, SITA, an information technology company that provides airline passenger service systems, has confirmed it was the victim of a cyberattack last month. The firm – which provides IT systems for around 90% of the global aviation industry – said that the U.S. servers of its Passenger Service System were attacked on February the 24th.

Responding to the breach, United and American Airlines said no passwords, financial information or other sensitive data was accessed, but that a “limited amount” of data, such as names, loyalty program numbers and tier status, may have been exposed.

Sita took “immediate action” to contact affected customers and all related organisations, and made a statement saying: “We recognise that the Covid-19 pandemic has raised concerns about security threats, and, at the same time, cyber-criminals have become more sophisticated and active. This was a highly sophisticated attack.”

In spite of the increased attention being paid to data security, cybercriminals are still managing to find new ways to overcome defences and gain access to sensitive corporate data. The techniques used, from sophistical social engineering to malware or supply chain attacks, are becoming more and more sophisticated in their efforts to expose and profit from this sensitive information.

Some of the more damaging consequences of a data breach include:

1. Financial Loss

Perhaps the most immediately obvious impacts of a data breach are the financial loss that can be incurred. Costs can arise as a result of having to compensate customers, setting up incident response effects, investigating the breach, heightened security measures, legal fees and more. There are also some damning penalties that can be imposed for non-compliance with the GDPR (General Data Protection Regulation).

2. Reputational Damage

How will potential customers and clients view your business after a data breach? In the modern age, news of a data breach will be spread throughout the globe in a matter of hours. The negative press and consequent loss of consumer confidence can have a devastating impact on a company.

3. Operational Downtime

If a data breach does occur, there will be a heavy disruption to business operations while the breach is solved. The process from start to finish can take days, weeks or months before it is completely resolved, meanwhile, costs will add up and revenues will drop, leading to a difficult period for the company.

4. Legal Action

There are various legal issues that can arise in the event of a data breach. Organisations are legally bound to demonstrate that they undertook all the necessary steps to protect personal data. Individuals and companies whose data has been breached are entitled to seek compensation, and in both the UK and the U.S. there has been a steep increase in such legal cases occurring.

5. Loss of Sensitive Data

The loss of sensitive personal data has the potential to have damaging consequences for the individual. Often data breaches can lead to extremely personal information being released, such as individuals' names, addresses, phone numbers, and email addresses, which leaves them vulnerable to any kind of attack.

Data breaches clearly represent a serious threat to any organisation, and the time to act is always now when it comes to improving your company's cybersecurity capabilities.

Thankfully, Airnow Cybersecurity is here to help. We create the best of breed cybersecurity awareness training on the market, as well as offering a wide array of products that directly confront the challenges that arise from a host of cyber threats, including data breaches.

For more information, visit our brand new website and get in touch with one of the team.