Frequent flyer data breach affects many accounts


There has been a data breach of an international frequent flyer information database. Unfortunately, it looks like this has exposed the name, account number, and elite status level of members across all Star Alliance frequent flyer programs. View from the Wing reports that oneworld data has also been breached, according to notices from Cathay Pacific and Finnair, though I haven’t yet received an email from those programs. I received the following notice from Singapore KrisFlyer about the breach:

UPDATES ABOUT YOUR KRISFLYER ACCOUNT

SITA, an information technology company providing passenger service systems, has informed Singapore Airlines of a data security breach involving their passenger service systems’ (SITA PSS) servers. While Singapore Airlines is not a customer of the SITA PSS, another Star Alliance member airline is.

All Star Alliance member airlines provide a restricted set of frequent flyer programme data to the alliance, which is then sent on to other member airlines to reside in their passenger service systems. This data transfer is necessary to enable the verification of membership tier status, and to accord to member airlines’ customers the relevant benefits while travelling.

As a result, SITA has access to the restricted set of frequent flyer programme data for all 26 Star Alliance member airlines including Singapore Airlines.

Some of our members were affected by the breach of the SITA PSS server. The impacted data is limited to the members’ KrisFlyer membership number and tier status and, in some cases, membership name, which is the full extent of the frequent flyer data set Singapore Airlines shares with other Star Alliance member airlines for this data transfer.

Specifically, this data breach does not involve KrisFlyer membership passwords, credit card information, and other customer data such as itineraries, reservations, ticketing, passport numbers, and email addresses as SIA does not share this information with other Star Alliance member airlines for this data transfer.

We are contacting you to inform you that your KrisFlyer data was not impacted by this breach of the SITA PSS server. Your KrisFlyer miles balance was also not compromised.

We would also like to reassure you that none of Singapore Airlines’ IT systems have been affected by this incident.

The protection of our customers’ personal data is of utmost importance to Singapore Airlines. We will work with our partners to review the current procedures, and take all necessary steps to improve data security.

While I generally operate under the assumption that most of my data has long been breached, this is a fairly specific instance that likely affects many readers. Passwords apparently weren’t stolen, and while there may have been some other data accessed, it looks like it was likely only very basic information about preferences rather than personal details. It is always worth keeping an eye on your accounts for unusual activity and keeping passwords and two-factor authentication up to date.

H/T: View from the Wing and reader Michael


8 Comments
Dale

Same email from AA for our accounts

Ric

I just received an almost identical email from United MileagePlus… I’m curious which Star Alliance member airline was the one which was breached. Does anyone have any information on this? I know that Malaysia Airlines, which is not a part of Star Alliance, was also breached recently.

Tom

Similar Email from American Airlines

bluecat

same

Mark

AA really shouldn’t be sending out emails with the subject “Important information about your AAdvantage account”. It freaks people out. I would suggest “Important information about your AAdvantage account, but don’t worry, it’s not about all your Citibank credit cards.”

rick b

That’s exactly what I thought. Now I have to wash my pants.

DSK

Same e-mail from Singapore.

bryan

I just got an identical email from Aegean replaced with their terminology