Cyber Incident Victim: Singapore Airlines

The cyber incident impacting Singapore Airlines stemmed from a breach at SITA, a critical aviation IT provider servicing approximately 90% of global airlines. On March 5, 2021, SITA publicly disclosed a "highly sophisticated attack" targeting its U.S.-based Passenger Service System (PSS) servers located in Atlanta. These systems processed airline passenger data, including frequent-flyer program information, for numerous carriers relying on SITA's infrastructure. The compromised PSS belonged to SITA's EU-headquartered corporate group but operated critical passenger data functions through its American infrastructure. SITA spokesperson Edna Ayme-Yahil confirmed the breach to media outlets, characterizing the intrusion as sophisticated without elaborating on specific attacker techniques or initial access vectors. The breach exposed passenger data stored on the Atlanta servers, though the precise volume of records and individuals affected across the airline ecosystem remained undisclosed.

Singapore Airlines, among other carriers utilizing SITA PSS, faced data exposure due to this supply-chain compromise. The airline acknowledged the incident through subsequent communications, confirming unauthorized access to its KrisFlyer and PPS membership program data via SITA's systems. Impacted information included passenger names, tier status, and membership numbers, though the airline asserted no passport, credit card, or password details were compromised. SITA initiated incident response procedures, securing the affected servers and launching forensic investigations to determine the breach's scope and root cause. The company notified impacted airlines and relevant authorities, prompting downstream notifications to passengers. This cascading breach underscored the systemic risks inherent in centralized aviation IT infrastructure, disrupting multiple airlines through a single vendor compromise and necessitating coordinated customer communication efforts across the industry.