An air transport information technology company, SITA, has informed Singapore Airlines (SIA) of a data security breach that affects around 580,000 KrisFlyer and PPS members, SIA said on Mar. 4, 2021.

SIA affected as part of Star Alliance

While SIA is not a customer of SITA's passenger service system servers (SITA PSS), one of the Star Alliance member airlines is.

All Star Alliance member airlines, including SIA, have to provide a restricted set of frequent flyer programme data to the alliance, which is sent to other member airlines.

This data transfer is necessary to enable verification of the membership tier status so as to accord member airlines' customers the relevant benefits while travelling, SIA explained.

One of the Star Alliance member airlines is a customer of SITA PSS.

As such, around 580,000 KrisFlyer and PSS members under SIA have been affected.

The seriousness of the cyber attack was confirmed on Feb. 24, SITA said in a separate statement.

SITA added that it took immediate action to contact its customers and all related organisations.

In SITA's statement, the security breach was described as a "highly sophisticated attack".

Only data shared with Star Alliance member airlines compromised

Information compromised is limited to the membership number and tier status, and, in some cases, membership name as this is the full extent of the data that SIA shared with other Star Alliance member airlines.

SIA said that the data breach does not involve KrisFlyer and PPS member's password, credit card information, passport numbers, itineraries, reservations, and email addresses.

None of SIA's systems has been affected by this incident, SIA reassured.

SIA apologised for the inconvenience caused to affected customers and promised to review the procedures with its partners and improve data security.

Affected customers would have received an email informing them of this incident.

Top photo via SIA website.