Skip to content
Go to Home Page
News

What we know about the data breach targeting frequent flyer info

March 05, 2021
3 min read
Woman using laptop in living room
What we know about the data breach targeting frequent flyer info
The cards we feature here are from partners who compensate us when you are approved through our site, and this may impact how or where these products appear. We don’t cover all available credit cards, but our analysis, reviews, and opinions are entirely from our editorial team. Terms apply to the offers listed on this page. Please view our advertising policy and product review methodology for more information.

A "highly sophisticated" cyber attack targeting frequent flyer data has affected at least 11 airlines around the globe, including U.S. carriers American and United. The Feb. 24 incident targeted SITA, a technology provider that helps process communications and passenger information across numerous carriers.

Fortunately for customers, the hackers were not successful in stealing critical information like customer passwords or credit card information, according to both SITA and the affected airlines. Instead, the breach appears to have been limited to data such as frequent flyer account numbers and status levels.

"We recognize that the COVID-19 pandemic has raised concerns about security threats, and, at the same time, cyber-criminals have become more sophisticated and active," SITA said in a Friday statement acknowledging the incident, which it said "remains under continued investigation."

"This was a highly sophisticated attack," the company added.

Affected airlines also have begun reaching out to customers. Despite early reports that the breach may have affected only carriers of the Star Alliance frequent flyer group, other airlines have also been exposed.

In the U.S., both United and American had started emailing customers on Friday afternoon.

Daily Newsletter
Reward your inbox with the TPG Daily newsletter
Join over 700,000 readers for breaking news, in-depth guides and exclusive deals from TPG’s experts

"It's our understanding that the only information potentially accessed were customer names, MileagePlus numbers and Star Alliance statuses (Silver or Gold)," United said in an email to its members. "Importantly, no other personal information or passwords were exposed that would allow anyone to access your MileagePlus account."

American sent out a similar email to customers.

Cyber secure: How to protect yourself against reward program data breaches

Neither are customers of SITA's passenger service system, though their frequent-flyer information seems to have been exposed via partners that are. The system can, among other things, allow airlines to share tier status information with each other so that airlines can offer elite benefits to eligible customers of their partners.

At least nine other carriers were affected, according to media reports and emails sent by carriers. They include Cathay Pacific, Finnair, Japan Airlines, Jeju Air of Korea, Lufthansa, Malaysia Airlines, SAS and Singapore Airlines. Delta Air Lines told TPG that it had no indication it was exposed to the breach.

Still, Skift estimates that "more than two million travelers enrolled in the frequent flier programs (of the affected) airlines had some of their data hacked."

While SITA and the airlines say no sensitive information was taken, some carriers suggested customers could change their passwords "out of an abundance of caution."

Featured image by JOHNER IMAGES/GETTY IMAGES
Editorial disclaimer: Opinions expressed here are the author’s alone, not those of any bank, credit card issuer, airline or hotel chain, and have not been reviewed, approved or otherwise endorsed by any of these entities.

TPG featured card

Capital One Venture Rewards Credit Card

4.5 / 5
Go to review
Apply for Capital One Venture Rewards Credit Card
Apply now
for Capital One Venture Rewards Credit Card

at Capital One's secure site

Terms & restrictions apply. See rates & fees.

Rewards rate
5X milesEarn 5X miles on hotels, vacation rentals and rental cars booked through Capital One Travel
2X milesEarn unlimited 2X miles on every purchase, every day
Intro offer
Open Intro bonus
Enjoy a $250 travel credit & earn 75K bonus miles
Annual fee
$95
Regular APR
19.49% - 28.49% (Variable)
Recommended credit
Open Credit score description
670-850Excellent, Good

Pros

  • Stellar welcome offer of 75,000 miles after spending $4,000 on purchases in the first three months from account opening. Plus, a $250 Capital One Travel credit to use in your first cardholder year upon account opening.
  • You'll earn 2 miles per dollar on every purchase, which means you won't have to worry about memorizing bonus categories
  • Rewards are versatile and can be redeemed for a statement credit or transferred to Capital One’s transfer partners

Cons

  • Highest bonus-earning categories only on travel booked via Capital One Travel
  • LIMITED-TIME OFFER: Enjoy $250 to use on Capital One Travel in your first cardholder year, plus earn 75,000 bonus miles once you spend $4,000 on purchases within the first 3 months from account opening - that’s equal to $1,000 in travel
  • Earn unlimited 2X miles on every purchase, every day
  • Earn 5X miles on hotels, vacation rentals and rental cars booked through Capital One Travel
  • Miles won't expire for the life of the account and there's no limit to how many you can earn
  • Receive up to a $120 credit for Global Entry or TSA PreCheck®
  • Use your miles to get reimbursed for any travel purchase—or redeem by booking a trip through Capital One Travel
  • Enjoy a $50 experience credit and other premium benefits with every hotel and vacation rental booked from the Lifestyle Collection
  • Transfer your miles to your choice of 15+ travel loyalty programs
  • Top rated mobile app