게시일: 2021. 3. 7 오후 2:14:09
A communications and IT vendor for 90 percent of the world’s airlines, SITA, has been breached, compromising passenger data stored on the company’s U.S. servers in what the company is calling a “highly sophisticated attack.”
The affected servers are in Atlanta, and belong to the SITA Passenger Service System (SITA PSS), company spokeswoman Edna Ayme-Yahil told Threatpost. SITA PSS operates the systems for processing airline passenger data and belongs to a group of SITA companies, headquartered in the E.U.
Malaysia Air and Singapore Airlines have already made headlines in recent days after alerting their customers they’ve been compromised as part of the attack.
Yahil declined to say how many users have been affected for confidentiality reasons, but Singapore Airlines reported more than 580,000 impacted customers alone, meaning the compromise could ultimately impact millions of users.
The cyberattack on SITA, a nearly ubiquitous airline service provider, has compromised frequent-flyer data across many carriers.
A communications and IT vendor for 90 percent of the world’s airlines, SITA, has been breached, compromising passenger data stored on the company’s U.S. servers in what the company is calling a “highly sophisticated attack.”
The affected servers are in Atlanta, and belong to the SITA Passenger Service System (SITA PSS), company spokeswoman Edna Ayme-Yahil told Threatpost. SITA PSS operates the systems for processing airline passenger data and belongs to a group of SITA companies, headquartered in the E.U.
Malaysia Air and Singapore Airlines have already made headlines in recent days after alerting their customers they’ve been compromised as part of the attack.
Yahil declined to say how many users have been affected for confidentiality reasons, but Singapore Airlines reported more than 580,000 impacted customers alone, meaning the compromise could ultimately impact millions of users.
“Each affected airline has been provided with the details of the exact type of data that has been compromised, including details of the number of data records within each of the relevant data categories,” Yahil said.
~~
“The data security incident occurred at our third-party IT service provider and not Malaysia Airlines’ computer systems,” the Malaysia Air’s Twitter account said about the breach earlier this week, without mentioning SITA by name. “However, the airline is monitoring any suspicious activity concerning its members’ accounts and in constant contact with the affected IT service provider to secure Enrich members’ data and investigate the incident’s scope and causes.”
The systems are linked by SITA PSS so that one airline can recognize frequent-flyer benefits from other carriers.
“SITA PSS was holding the data of airlines that are not its direct customers, but are alliance members, because other airlines that are SITA PSS customers have an obligation to recognize the frequent flyer status of individual passengers and ensure that such passengers receive the appropriate privileges when they fly with them,” Yahil explained to Threatpost. “That obligation arises from the contractual commitments that the other airline has agreed in its contractual arrangements with an alliance organization.”
She added, “It is common practice for alliance members to recognize the frequent-flyer scheme tiers of the passengers they carry. This mandates the sharing of frequent-flyer data amongst alliance members and, consequently, the service providers to those alliance members (such as SITA).”
~~
=========================
1.SITA는 다른 여러 항공사와 제휴를 맺어 (다른 항공사의) 고객의 정보를 공유받는 회사다.
2.SITA의 고객 데이터베이스가 공격(sql injection)됐고, 따라서 일반적인 항공사를 이용하는 대다수의 고객들의 신상 정보가 유출됐다.
3.항공사와 같은 전통적인 기업들은 디지털 기업에 비해 구식 공격에도 취약할 수밖에 없는 실정이다.
=========================
공격 대상인 SITA는 운송업체에 IT서비스를 제공해주는 회사다. 항공사(운송업)와 같은 전통적인 기업/사업과 IT와의 연계는 흔히 일어나는 일이지만, 그로 인해 정보 보호가 회사 내부에서만으로는 부족해질 수 있는 사례였다. 여러 회사, 특히 전통적 사업에서 기업간의 제휴는 그만큼 정보 보호의 난이도가 올라감을 알 수 있었다.