Expert Voices Concern On Airlines Data Security Breach

By Massita Ahmad SINGAPORE, March 5 (Bernama) -- The most concerning aspect of the data security breach involving several airlines recently is the broad scope of the attack, says Synopsys Software Integrity Group. Its senior security engineer, Boris Cipot said one of the lessons that organisations can take away from the security breach is the importance of creating security rules and procedures which not only applies to internal stakeholders, but also for their partners in the supply chain. “This means taking the software and service provider processes into consideration when discussing a partnership and defining what security measures will be implemented,” he said in a statement today. Cipot noted that the breach did not happen as a direct attack on the airlines, but involved a third-party information technology (IT) service provider. On March 4, air transport communications and IT service provider, SITA confirmed that it was the victim of a cyber-attack, leading to a data security incident involving certain passenger data that was stored on the SITA Passenger Service System (US) Inc’s (SITA PSS) servers. After confirmation of the seriousness of the data security incident on Feb 24, 2021, SITA said it had taken immediate action to contact affected SITA PSS customers and all related organisations. On the same day, Singapore Airlines (SIA) said SITA had informed the airline regarding the incident. SIA said while it was not a customer of the SITA PSS, the breach on the server had affected around 580,000 KrisFlyer and PPS members. -- BERNAMA