Data Leak Affected About 580,000 SIA Customers; Data Targeted by a Highly-Sophisticated Cyber-Attack


In the wide, expansive world that is the Internet, there exists trillions of tiny data bytes floating around, remembering almost all of the little details about people like you and me.

As groundbreaking as technology is, it makes it all the more dangerous, for other people can capture and steal these data that they’re not supposed to be seeing.

It’s a tragedy that not even large companies can stop sometimes.

Data Leak Of SIA Customers

Many of us may have patronised the national carrier when flying overseas, or may even be members of their KrisFlyer program.

Unfortunately, SIA has announced on 4 March, Thursday, that about 580,000 of such passengers have had their data compromised due to a leak that occured within an external air transport information technology company.

The membership numbers, tier status, and some membership names of KrisFlyer and PPS members were leaked out, SIA said.

However, this breach did not affect members’ passwords nor credit card information, or other customer data like itineraries, reservations, ticketing, passport numbers and e-mail addresses.

SIA’s spokesman reassured that with only the compromised data, one would not be able to retrieve any confidential customer data or miles.

“If someone calls our contact centres, additional secure information will be needed to clear the verification process before he or she can perform a transaction or access the data,” they said.

The Leak Originated From Sita

The data breach did not happen within SIA’s own systems, thankfully, but it originated from air transport information technology company Sita who had its passenger service system servers hacked into.

Although SIA themselves aren’t customers of Sita’s passenger service system, one of their 26 member airlines under the Star Alliance is.

All members of the alliance are required to provide frequent flyer programme data to it. Because one of the member airlines partners with them, Sita also managed to gain access to the limited customer data from all of the alliance’s airlines.

SIA said that the reason behind this network of information was to enable verification of members’ tier status as well as provide members with relevant benefits while travelling with all member airlines.

None of their IT systems have been affected, and they added that they will be contacting members who were affected and provide updates even for those who were not affected.

“The protection of our customers’ personal data is of utmost importance to Singapore Airlines, and we sincerely regret the incident and apologise for the inconvenience caused,” said SIA.

They also promised that they would improve necessary data security procedures and work closely with partners to review the current ones.


Meanwhile, Sita shared in a separate statement on the same day that they had been hit with a “highly sophisticated cyber-attack”, which means it’s not just some simple hacking, but a more atas one that’s infinitely more complicated.

Affected customers and related organisations were informed of the data breach on 24 Feb, after the firm realised and confirmed the severity of the data security incident.

“The matter remains under continued investigation by Sita’s Security Incident Response Team with the support of leading external experts in cyber-security,” added Sita.

Considering how frightening a data breach may become, maybe let’s think twice about setting our phone passwords to 0000 just because we’re lazy.

Feature Image: