Skip to content
Go to Home Page
News

What we know about the data breach targeting frequent flyer info

March 05, 2021
3 min read
Woman using laptop in living room
What we know about the data breach targeting frequent flyer info
The cards we feature here are from partners who compensate us when you are approved through our site, and this may impact how or where these products appear. We don’t cover all available credit cards, but our analysis, reviews, and opinions are entirely from our editorial team. Terms apply to the offers listed on this page. Please view our advertising policy and product review methodology for more information.

A "highly sophisticated" cyber attack targeting frequent flyer data has affected at least 11 airlines around the globe, including U.S. carriers American and United. The Feb. 24 incident targeted SITA, a technology provider that helps process communications and passenger information across numerous carriers.

Fortunately for customers, the hackers were not successful in stealing critical information like customer passwords or credit card information, according to both SITA and the affected airlines. Instead, the breach appears to have been limited to data such as frequent flyer account numbers and status levels.

"We recognize that the COVID-19 pandemic has raised concerns about security threats, and, at the same time, cyber-criminals have become more sophisticated and active," SITA said in a Friday statement acknowledging the incident, which it said "remains under continued investigation."

"This was a highly sophisticated attack," the company added.

Affected airlines also have begun reaching out to customers. Despite early reports that the breach may have affected only carriers of the Star Alliance frequent flyer group, other airlines have also been exposed.

In the U.S., both United and American had started emailing customers on Friday afternoon.

Daily Newsletter
Reward your inbox with the TPG Daily newsletter
Join over 700,000 readers for breaking news, in-depth guides and exclusive deals from TPG’s experts

"It's our understanding that the only information potentially accessed were customer names, MileagePlus numbers and Star Alliance statuses (Silver or Gold)," United said in an email to its members. "Importantly, no other personal information or passwords were exposed that would allow anyone to access your MileagePlus account."

American sent out a similar email to customers.

Cyber secure: How to protect yourself against reward program data breaches

Neither are customers of SITA's passenger service system, though their frequent-flyer information seems to have been exposed via partners that are. The system can, among other things, allow airlines to share tier status information with each other so that airlines can offer elite benefits to eligible customers of their partners.

At least nine other carriers were affected, according to media reports and emails sent by carriers. They include Cathay Pacific, Finnair, Japan Airlines, Jeju Air of Korea, Lufthansa, Malaysia Airlines, SAS and Singapore Airlines. Delta Air Lines told TPG that it had no indication it was exposed to the breach.

Still, Skift estimates that "more than two million travelers enrolled in the frequent flier programs (of the affected) airlines had some of their data hacked."

While SITA and the airlines say no sensitive information was taken, some carriers suggested customers could change their passwords "out of an abundance of caution."

Featured image by JOHNER IMAGES/GETTY IMAGES
Editorial disclaimer: Opinions expressed here are the author’s alone, not those of any bank, credit card issuer, airline or hotel chain, and have not been reviewed, approved or otherwise endorsed by any of these entities.

TPG featured card

Bilt Palladium Card

4 / 5
Go to review
Apply for Bilt Palladium Card
Apply now
for Bilt Palladium Card

at Bilt's secure site

Terms & restrictions apply. See rates & fees.

Rewards rate
1XEarn up to 1X points on rent and mortgage payments with no transaction fee
2XEarn 2X points + 4% back in Bilt Cash on everyday purchases
Intro offer
Open Intro bonus
50,000 Bilt Points + Gold Status + $300 of Bilt Cash
Annual fee
$495
Regular APR
26.74 - 34.74% variable
Recommended credit
Open Credit score description
Good Credit, Excellent Credit

Pros

  • Unlimited up to 1 Bilt Point per dollar spent on rent and mortgage payments
  • Elevated everyday earnings with both Bilt Points and Bilt Cash
  • $400 Bilt Travel Portal hotel credit per year (up to $200 biannually)
  • $200 Bilt Cash annually
  • Priority Pass membership
  • No foreign transaction fees

Cons

  • Moderate annual fee
  • Housing payments may include transaction fees, depending on the payment method
  • Designed primarily for members seeking a premium, all-in-one card
  • Earn points on housing with no transaction fee
  • Choose to earn 4% back in Bilt Cash on everyday spend. Use Bilt Cash to unlock point earnings on rent and mortgage payments with no transaction fee, up to 1X.
  • 2X points on everyday spend
  • $400 Bilt Travel Hotel credit. Applied twice a year, as $200 statement credits, for qualifying Bilt Travel Portal hotel bookings.
  • $200 Bilt Cash (awarded annually). At the end of each calendar year, any Bilt Cash balance over $100 will expire.
  • Welcome bonus (subject to approval): 50,000 Bilt Points + Gold Status after spending $4,000 on everyday purchases in the first 3 months + $300 of Bilt Cash.
  • Priority Pass ($469/year value). See Guide to Benefits.
  • Bilt Point redemptions include airlines, hotels, future rent and mortgage payments, Lyft rides, statement credits, student loan balances, a down payment on a home, and more.