Email
Password
Remember meForgot password?
    Log in with Twitter

article imagePersonal data relating to Singapore Airlines exposed in breach Special

By Tim Sandle     Mar 4, 2021 in Travel
News has come in about the Singapore Airlines breach. This is the second airline breach this week related to the attack on comms IT vendor SITA, which is a multinational information technology company providing IT services to the air transport industry.
The incident is where data relating to 580,000 Singapore Airlines' frequent flyer members has been compromised in a cybersecurity attakc. This attack that originally strucktje air transport communications and IT vendor, SITA, which enabled a gateway to open into the airline's systems. SITA has confirmed the security breach was the result of "a highly sophisticated attack".
According to the impacted airline, in a statement: "The information involved is limited to the membership number and tier status and, in some cases, membership name, as this is the full extent of the frequent flyer data that Singapore Airlines shares with other Star Alliance member airlines for this data transfer."
Looking into what to make of the issue is Ran Nahmias (ex Check Point, Microsoft), currently the cofounder and CBO of Cyberpion.
Nahmias looks at the SITA vulnerability: "The proliferated effect of the attack on SITA is yet another example of how vulnerable organizations can be solely on the basis of their connections to third party vendors. If these kinds of seemingly legitimate connections are not properly monitored and protected, they can result in damaging breaches that unleash highly confidential data as evidenced in this situation."
Nahmias also outlines why this issue is something that companies need to pay special attention to: 2With growing dependencies on digital supply chains and third parties comes the growth of the challenges of governing that attack surface from a cyber security perspective."
He adds, outlining further factors: "When you consider the need to monitor the potential risks across a vast ecosystem that includes vector associated DNS management, cloud providers, web properties, encryption, certificates and mobile infrastructures, the modern IT organization is not prepared to monitor, let alone, manage that risk. This is an environment where hackers and malicious actors thrive."
The main recommendation that Nahmias has is greater transparency of systems and simplification of processes, in concluding: "When there is a lack of clearly defined oversight and management processes, hackers are able to operate freely and inflict significantly more damage."
More about Airline, Data breach, Cyberattack
More news from
Latest News
Top News