Skip to content
Go to Home Page
News

What we know about the data breach targeting frequent flyer info

March 05, 2021
3 min read
Woman using laptop in living room
What we know about the data breach targeting frequent flyer info
The cards we feature here are from partners who compensate us when you are approved through our site, and this may impact how or where these products appear. We don’t cover all available credit cards, but our analysis, reviews, and opinions are entirely from our editorial team. Terms apply to the offers listed on this page. Please view our advertising policy and product review methodology for more information.

A "highly sophisticated" cyber attack targeting frequent flyer data has affected at least 11 airlines around the globe, including U.S. carriers American and United. The Feb. 24 incident targeted SITA, a technology provider that helps process communications and passenger information across numerous carriers.

Fortunately for customers, the hackers were not successful in stealing critical information like customer passwords or credit card information, according to both SITA and the affected airlines. Instead, the breach appears to have been limited to data such as frequent flyer account numbers and status levels.

"We recognize that the COVID-19 pandemic has raised concerns about security threats, and, at the same time, cyber-criminals have become more sophisticated and active," SITA said in a Friday statement acknowledging the incident, which it said "remains under continued investigation."

"This was a highly sophisticated attack," the company added.

Affected airlines also have begun reaching out to customers. Despite early reports that the breach may have affected only carriers of the Star Alliance frequent flyer group, other airlines have also been exposed.

In the U.S., both United and American had started emailing customers on Friday afternoon.

Daily Newsletter
Reward your inbox with the TPG Daily newsletter
Join over 700,000 readers for breaking news, in-depth guides and exclusive deals from TPG’s experts

"It's our understanding that the only information potentially accessed were customer names, MileagePlus numbers and Star Alliance statuses (Silver or Gold)," United said in an email to its members. "Importantly, no other personal information or passwords were exposed that would allow anyone to access your MileagePlus account."

American sent out a similar email to customers.

Cyber secure: How to protect yourself against reward program data breaches

Neither are customers of SITA's passenger service system, though their frequent-flyer information seems to have been exposed via partners that are. The system can, among other things, allow airlines to share tier status information with each other so that airlines can offer elite benefits to eligible customers of their partners.

At least nine other carriers were affected, according to media reports and emails sent by carriers. They include Cathay Pacific, Finnair, Japan Airlines, Jeju Air of Korea, Lufthansa, Malaysia Airlines, SAS and Singapore Airlines. Delta Air Lines told TPG that it had no indication it was exposed to the breach.

Still, Skift estimates that "more than two million travelers enrolled in the frequent flier programs (of the affected) airlines had some of their data hacked."

While SITA and the airlines say no sensitive information was taken, some carriers suggested customers could change their passwords "out of an abundance of caution."

Featured image by JOHNER IMAGES/GETTY IMAGES
Editorial disclaimer: Opinions expressed here are the author’s alone, not those of any bank, credit card issuer, airline or hotel chain, and have not been reviewed, approved or otherwise endorsed by any of these entities.

TPG featured card

Capital One Venture Business

4 / 5
Go to review
Apply for Capital One Venture Business
Apply now
for Capital One Venture Business

at Capital One's secure site

Terms & restrictions apply. See rates & fees.

Rewards rate
2X milesEarn 2X miles per $1 on every purchase, everywhere
5X milesEarn 5X miles per dollar on hotels, vacation rentals and rental cars booked through Capital One Business Travel
Intro offer
Open Intro bonus
Limited-time offer: Earn up to 150,000 bonus miles
Annual fee
$95
Regular APR
24.49% (Variable)
Recommended credit
Open Credit score description
740-850Excellent

Pros

  • Simple earning structure
  • Bonus categories
  • Annual credits
  • No foreign transaction fees
  • Flexible redemption options, including transfer partners

Cons

  • Has an annual fee
  • Fewer bonus categories than some competitors
  • Lacks premium perks
  • Limited-time offer: Earn up to 150,000 bonus miles—75,000 miles once you spend $7,500 in the first 3 months, and an additional 75,000 miles once you spend $30,000 in the first 6 months
  • Earn unlimited 2X miles per dollar on every purchase, everywhere, no limits or category restrictions, and miles won't expire for the life of the account
  • Receive up to $220 in credits: Receive an annual $50 travel credit for bookings through Capital One Business Travel, up to an annual $50 statement credit for purchases at qualifying advertising or software merchants, plus up to a $120 credit for Global Entry or TSA PreCheck® every four years. Terms and conditions apply
  • Unlimited 5X miles on hotels, vacation rentals and rental cars booked through Capital One Business Travel
  • Transfer your miles to 15+ travel loyalty programs
  • Redeem your miles instantly for any travel-related purchases, from flights and hotels to ride-sharing services
  • $95 annual fee
  • Free employee cards which also earn unlimited 2X miles from their purchases
  • Top rated mobile app