
SITA Passenger Service System Breach — 2.1M+ Frequent Flyer Records, 11 Airlines Affected

📅 2021-02-24 🏢 SITA Passenger Service System (Horizon PSS)

Incident Details

On February 24, 2021, SITA — one of the world’s largest aviation IT companies, serving approximately 90% of global airlines through its Passenger Service System (PSS) — detected and contained a “highly sophisticated” cyberattack on its PSS servers. SITA’s Horizon PSS platform underpins reservations, ticketing, check-in, and departure control for numerous airline alliances and individual carriers. The attack was disclosed publicly on March 4, 2021, after SITA notified affected airline customers.

The breach compromised frequent flyer program data held by SITA on behalf of member airlines in the Star Alliance and oneworld alliances, along with several independent carriers. Exposed data was limited to frequent flyer membership numbers, tier/status levels, and in some cases passenger names — no passwords, payment card information, passport numbers, reservations, or contact details were reported as compromised. Airlines that publicly confirmed customer impact included Singapore Airlines (~580,000 KrisFlyer members), Air New Zealand, Lufthansa (Miles & More, the largest frequent flyer program in Europe, accounting for the majority of the 2.1 million+ total affected individuals), Finnair (Finnair Plus), Malaysia Airlines (Enrich), SAS (EuroBonus), Cathay Pacific (Asia Miles), Japan Airlines (JAL Mileage Bank), United Airlines (MileagePlus), American Airlines (AAdvantage), and Jeju Air (South Korea). British Airways also acknowledged the incident.

The Star Alliance and oneworld alliances coordinated member notifications. Singapore Airlines was among the first to disclose, explaining that its KrisFlyer data was processed by SITA PSS as part of interline and code-share operations.

SITA stated it informed all affected PSS customers immediately upon containing the attack. The exact technical method of the initial compromise — whether credential theft, vulnerability exploitation, or another vector — was not publicly disclosed. Attribution was not made public. The attack highlighted the cascading exposure risk of a single aviation IT infrastructure provider holding data for dozens of carriers simultaneously: a single system compromise at SITA automatically translated into breach notifications for over a dozen global airlines and millions of passengers.

Technical Details

Initial Attack Vector: Highly sophisticated attack on SITA's Passenger Service System (PSS) server infrastructure; exact initial intrusion method not publicly disclosed by SITA
Vendor / Product: SITA Passenger Service System (Horizon PSS)
Software Package: SITA PSS / Horizon
Supply Chain Attack: ✅ Confirmed third-party / vendor compromise

Timeline

  1. 2021-02-24 Breach occurred
  2. 2021-03-04 Publicly disclosed
  3. 2021-03-04 Customers notified