Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label SITA. Show all posts

Emails and Passwords of Government Officials Exposed due to Data Breaches

 

Hundreds of Union government officials' emails and passwords have been exposed to hackers as a result of recent data breaches of Air India, Domino's, and Big Basket, according to the government. The Hindu obtained a copy of an internal document that stated that compromised emails on government domains such as @nic.in and @gov.in are potential cyber threats because they are being exploited by "adversaries" to send malicious emails to all government users. 

A malicious web link provided on WhatsApp and SMS days after the alert was sent on June 10 targeted many government offices, including Defence Ministry officials, requesting them to update their vaccination status. The message directed officials to https://covid19india.in to generate a digital certificate of COVID-19 inoculation, forwarding them to a page called "@gov.in," which looks similar to the government website mygov.in, and asking for their official e-mail and password. 

According to cyber expert Rajshekhar Rajaharia, the website was hosted in Pakistan in June. “The page mentioned @nic.in email IDs to make the official believe it is a government page. The purpose seemed to be getting the e-mails and passwords of only government officials and get unauthorised access to government systems, the page does not accept any other domain such as gmail.com,” said Mr. Rajaharia. 

On May 15, Air India informed passengers that its passenger service system, which is provided by multi-national IT company SITA, was the target of a sophisticated cyber-attack in the last week of February that affected nearly 45 lakh “data subjects” worldwide who registered between August 26, 2011 and February 3, 2021. Officials from the government are frequent travellers on Air India. 

The alert sent to officials said, “It is intimated that recent data breaches of Air India and other companies like Domino’s, Big Basket etc. have resulted in exposure of e-mail ID and passwords of many users, which includes lots of government email IDs as well. All such compromised gov. domain emails are potential cyber threats as they are being used by the adversaries to send out malicious mails to all gov email users. It may please be noted that largely these are name based email IDs which are available with the malicious actors.” 

On March 1, the Union Power Ministry announced that multiple Indian power centres had been targeted by “state-sponsored” Chinese cyber gangs. Recorded Future, a cyber security and intelligence organization based in the United States, determined that Chinese state-sponsored actors may have infiltrated Indian power grids and seaports with malware.

SITA Data Breach Exposes Numerous Airlines

 


After SITA gave an official statement last Thursday affirming it had been the subject of a sophisticated cyberattack, more airlines affirmed they had been directly influenced. It seems the SITA security breach affected all carrier members of Star Alliance and the One World alliance. In a statement, SITA representative Edna Ayme-Yahil declined to say the number of airlines that were affected by the breach. The organization additionally didn't give numerous details on the kind of information compromised, however it noticed that the information incorporates some personal data of airline customers, including frequent flyer account data. 

"Each affected airline has been provided with the details of the exact type of data that has been compromised, including details of the number of data records within each of the relevant data categories,"Ayme-Yahil said. Up until now, Singapore Airlines, Air New Zealand, Lufthansa, Malaysia Airlines, Finnair, Japan Airlines, Cathay Pacific, and South Korea's Juju Air have independently disclosed the impact from the breach, she noted. 

Star Alliance member Singapore Airlines, for instance, said that 580,000 members from its KrisFlyer and PPS loyalty program have had information exposed by the breach, despite the fact that the carrier isn't a SITA Passenger Service System client. Singapore said the breach doesn't include credit card information or data such as itineraries, passport numbers, and email addresses. Star Alliance member Lufthansa said 1.35 million Miles and More members have been affected by the breach. Member names and status levels were exposed, however, no passwords or email addresses were exposed. 

Tomi Pienimaki, the chief digital officer for Oneworld member Finnair, said around 10% of the carrier's loyalty customers have been targeted. "To be honest, I was not surprised in itself that the air industry was subjected to such an attack, because the industry is in a difficult situation and therefore vulnerable," he wrote in a LinkedIn post. "Once we have been informed, all we have to do is clarify the matter and ensure the integrity of our own systems day and night." 

"SITA acted swiftly and initiated targeted containment measures," the company said. "The matter remains under continued investigation by SITA's Security Incident Response Team with the support of leading external experts in cybersecurity."

Around 580,000 Privilege Fliers Data Breached, says Singapore Airlines

 

Around 580,000 privilege fliers, KrisFlyer and PPS members have been affected by an information breach, Singapore Airlines (SIA) has said. The information breach includes the passenger service system servers of SITA, an air transport data technology organization, as indicated by the Channel News Asia report.

"While SIA is not a customer of the SITA PSS, this breach of the SITA PSS server has affected some KrisFlyer and PPS members," the national carrier said on Thursday. SIA added that this information breach explicitly doesn't include KrisFlyer and PPS member passwords, credit card data, and other client information like itineraries, reservations, ticketing, passport numbers, and email addresses. 

Such data isn't imparted to other Star Alliance member airlines for this information transfer, the airline said. All-Star Alliance member airlines give a confined set of frequent flyer programme information to the alliance, which is then sent on to other member airlines to reside in their respective passenger service systems. SIA said this information transfer is important to empower verification of the membership tier status. 

One of the Star Alliance member airlines is a SITA PSS client. Subsequently, SITA has access to the restricted set of frequent flyer programme information for each of the 26 Star Alliance member airlines including Singapore Airlines. "The information involved is limited to the membership number and tier status and, in some cases, membership name, as this is the full extent of the frequent flyer data that Singapore Airlines shares with other Star Alliance member airlines for this data transfer," said SIA. 

SIA said none of its IT systems have been affected by the breach and that they are contacting all KrisFlyer and PPS members to inform them about the incident. "The protection of our customers' personal data is of utmost importance to Singapore Airlines, and we sincerely regret the incident and apologize for the inconvenience caused." SITA affirmed in a different statement that it was the "victim of a cyber-attack" which prompted the information security incident. In the wake of affirming the seriousness of the incident on February 24, SITA said it made a prompt move to contact the affected SITA passenger service system customers and all related organizations.