Air India ist die Airline. Mit denen bin ich nie geflogen. Woher haben die meine Daten?
Von BA kam nun auch eine email:
"We have been notified of a data breach at global technology company SITA, an IT services provider to many airlines around the world."
Weitere Details werden nicht genannt, ausser das man sein Passwort ändern soll... Spannend ist dann sowas:
"The password you use for your account is not held by SITA and has not been put at risk by this breach.
As a precaution, given the potential that customers have re-used passwords used for other websites, we are taking the following action to protect you:
Please log into your account and reset your password
Please create a new password that you have not used elsewhere
Once your password has been reset and you have completed a verification step, you will be able to regain full access to your account"
Hervorhebungen durch mich...
Dear Miles+Bonus member,
AEGEAN was notified by SITA (Société Internationale de Télécommunications Aéronautiques), a third party system provider of another Star Alliance airline, that it had experienced a cyber security incident involving certain passenger data that was stored in its passenger service system which is used to support airline operations.
In particular, the passenger data impacted by this incident was the name, membership number and tier status of Frequent Flyer Program members. These are the data made available by AEGEAN to Star Alliance and through SITA to other Star Alliance airlines, to allow Frequent Flyer status recognition around the world.
The incident did not affect members’ password or any other sensitive personal information (email, reservations, ID card or payment card information) which were not available in this database as they are not shared by AEGEAN or the other Star Alliance member airlines.
There is no evidence that your account data in AEGEAN Miles+Bonus program have been compromised or misused and no action is required on your side. The incident did not affect AEGEAN own systems in any way.
By this proactive communication, we intend to make you aware of the above and we kindly ask you to address or report at DPO@aegeanair.com any relevant query or issue.
Abweichend und damit auffallend jedoch, dass IBERIA alle Passwoerter der Vielfliegerkonten zuruecksetzt und die Kunden informiert, dass sie anschliessend ein neues Passwort setzen muessen.
Wozu Passwort ändern wenn diese Informationen doch gar nicht geklaut wurden?
Ich sehe den Sinn eines Passwort Wechsels anhand des kommunizierten Vorfalls auch nicht.
Habe trotzdem meine FFP Passwörter geändert, weil eben die Kommunikation einfach suspekt ist und ich durchaus mit einem größeren Umfang der ganzen Sache rechne.
Mal abwarten welche Airlines & Vielfliegersysteme sich noch so in den naechsten Tagen melden...
We're writing to make you aware of an incident involving a third-party system provider that stores airline passenger data for one of the Star Alliance member carriers.
The incident involved certain data being accessed from the third-party system provider. It's our understanding that the only information potentially accessed were customer names, MileagePlus numbers and Star Alliance statuses (Silver or Gold). Importantly, no other personal information or passwords were exposed that would allow anyone to access your MileagePlus account.
We have strong cyber security measures in place to protect your personal data, and both United and Star Alliance have reviewed our own systems and found no indications that they have been compromised in connection with this incident.
However, out of an abundance of caution, you may want to change your MileagePlus account password, and we recommend that all members do so regularly as a best practice.
Thank you for your loyalty, and we look forward to seeing you on board soon.
Questions and answers
• What happened?
Star Alliance was notified on Saturday, February 27, 2021, about a data incident at a third-party service provider of one of the Star Alliance member carriers. A limited amount of customer data for Star Alliance member carriers was accessed.
• What data has been affected?
Frequent flyer data stored in the third-party system, specifically first and last name, MileagePlus number and Star Alliance tier status (Star Gold or Star Silver only). No other personal information or account passwords for United customers were stored in the third-party system.
• What is the data used for?
Airlines use this information to recognize frequent flyer status of customers from Star Alliance member carriers to ensure that customers with status receive their benefits across the Alliance.
• What steps have been taken to ensure that the information is now secure?
Star Alliance and affected member airlines have been advised by the third-party service provider, SITA, that the incident has been contained and that the matter remains under SITA's continued investigation along with external specialist cybersecurity experts.
Ich bin auch betroffen. Die Email scheint für mich aber mehr als eine rechtlich Pflicht als offene Kommunikation zu sein. Die Servicenummer bringt den Hackern aber wesentlich weniger also noch vor 8 und mehr Jahren. Ob aber tatsächlich nur Servicenummer, Status und Name abgezweigt wurden - ist zumindest fraglich. Name oder doch noch Adresse? Die Betroffenen werden es vermutlich nie erfahren solange die ID Information nicht genutzt werden.