What we know about the data breach targeting frequent flyer info

Mar 5, 2021

This post contains references to products from one or more of our advertisers. We may receive compensation when you click on links to those products. Terms apply to the offers listed on this page. For an explanation of our Advertising Policy, visit this page.

A “highly sophisticated” cyber attack targeting frequent flyer data has affected at least 11 airlines around the globe, including U.S. carriers American and United. The Feb. 24 incident targeted SITA, a technology provider that helps process communications and passenger information across numerous carriers.

Fortunately for customers, the hackers were not successful in stealing critical information like customer passwords or credit card information, according to both SITA and the affected airlines. Instead, the breach appears to have been limited to data such as frequent flyer account numbers and status levels.

“We recognize that the COVID-19 pandemic has raised concerns about security threats, and, at the same time, cyber-criminals have become more sophisticated and active,” SITA said in a Friday statement acknowledging the incident, which it said “remains under continued investigation.”

Want more airline-specific news? Sign up for TPG’s free new biweekly Aviation newsletter!

“This was a highly sophisticated attack,” the company added.

Affected airlines also have begun reaching out to customers. Despite early reports that the breach may have affected only carriers of the Star Alliance frequent flyer group, other airlines have also been exposed.

In the U.S., both United and American had started emailing customers on Friday afternoon.

“It’s our understanding that the only information potentially accessed were customer names, MileagePlus numbers and Star Alliance statuses (Silver or Gold),” United said in an email to its members. “Importantly, no other personal information or passwords were exposed that would allow anyone to access your MileagePlus account.”

American sent out a similar email to customers.

Cyber secure: How to protect yourself against reward program data breaches

Neither are customers of SITA’s passenger service system, though their frequent-flyer information seems to have been exposed via partners that are. The system can, among other things, allow airlines to share tier status information with each other so that airlines can offer elite benefits to eligible customers of their partners.

At least nine other carriers were affected, according to media reports and emails sent by carriers. They include Cathay Pacific, Finnair, Japan Airlines, Jeju Air of Korea, Lufthansa, Malaysia Airlines, SAS and Singapore Airlines. Delta Air Lines told TPG that it had no indication it was exposed to the breach.

Still, Skift estimates that “more than two million travelers enrolled in the frequent flier programs (of the affected) airlines had some of their data hacked.”

While SITA and the airlines say no sensitive information was taken, some carriers suggested customers could change their passwords “out of an abundance of caution.”

Featured photo by Johner Images/Getty Images

Delta SkyMiles® Platinum American Express Card

Earn 50,000 bonus miles and 5,000 Medallion® Qualification Miles (MQMs) after you spend $2,000 in purchases on your new card in your first three months of card membership. Plus, earn up to $100 back in statement credits for eligible purchases at U.S. restaurants with your card within the first 3 months of membership.

With Status Boost™, earn 10,000 Medallion Qualification Miles (MQMs) after you spend $25,000 in purchases on your Card in a calendar year, up to two times per year getting you closer to Medallion Status. Earn 3X Miles on Delta purchases and purchases made directly with hotels, 2X Miles at restaurants and at U.S. supermarkets and earn 1X Mile on all other eligible purchases. Terms Apply.

Apply Now
More Things to Know
  • Earn 50,000 bonus miles and 5,000 Medallion® Qualification Miles (MQMs) after you spend $2,000 in purchases on your new Card in your first 3 months.
  • Plus, earn up to $100 back in statement credits for eligible purchases at US restaurants with your card within the first 3 months of membership.
  • Accelerate your path to Medallion Status, with Status Boost®. Plus, in 2021 you can earn even more bonus Medallion® Qualification Miles (MQMs) to help you reach Medallion Status.
  • Earn 3X Miles on Delta purchases and purchases made directly with hotels.
  • Earn 2X Miles at restaurants worldwide, including takeout and delivery and at U.S. supermarkets.
  • Earn 1X Miles on all other eligible purchases.
  • Receive a Domestic Main Cabin round-trip companion certificate each year upon renewal of your Card. *Payment of the government imposed taxes and fees of no more than $75 for roundtrip domestic flights (for itineraries with up to four flight segments) is required. Baggage charges and other restrictions apply. See terms and conditions for details.
  • Enjoy your first checked bag free on Delta flights.
  • Fee Credit for Global Entry or TSA Pre✓®.
  • Enjoy an exclusive rate of $39 per person per visit to enter the Delta Sky Club® for you and up to two guests when traveling on a Delta flight.
  • No Foreign Transaction Fees.
  • $250 Annual Fee.
  • Terms Apply.
  • See Rates & Fees
Regular APR
15.74%-24.74% Variable
Annual Fee
$250
Balance Transfer Fee
N/A
Recommended Credit
Excellent/Good
Terms and restrictions apply. See rates & fees.

Editorial Disclaimer: Opinions expressed here are the author’s alone, not those of any bank, credit card issuer, airlines or hotel chain, and have not been reviewed, approved or otherwise endorsed by any of these entities.

Disclaimer: The responses below are not provided or commissioned by the bank advertiser. Responses have not been reviewed, approved or otherwise endorsed by the bank advertiser. It is not the bank advertiser’s responsibility to ensure all posts and/or questions are answered.