In early 2021, 11 airlines were affected by a cyberattack targeting frequent flyer data. This attack was actually done to SITA, a third-party system provider for the airlines. SITA's Passenger Service Systems (PSS) help process communications and passenger information for many carriers. Some of the airlines were not "customers" of SITA, but their passenger's frequent flyer information was part of the SITA database to enable verification of membership tier status and facilitate access to other benefits to customers. SITA explained to their customers that, while itineraries, reservations, tickets, passwords, and credit card information were not stolen, frequent flyer account numbers, member names, and status levels were stolen. More than 2 million travelers were estimated to have been impacted. Passengers from the One World Alliance and the Star Alliance airline groups, including United Airlines, American Airlines, Cathay Pacific, Finnair, Japan Airlines, Jeju Air of Korea, Lufthansa, Malaysia Airlines, SAS, and Singapore Airlines, were victims of this breach. SITA offers a number of services to airlines, including infrastructure maintenance, fare management information, and operational communications systems for airlines, airports, air navigation providers, governments, and others in the air travel ecosystem. Their products automate and facilitate passenger travel including secure check-in and boarding. While it's not clear that this breach affected any other SITA systems other than the PSS system, it did raise concerns about the breadth of potential impact from third-party vendors on air transportation. Discussion Questions 1. Why do you think airlines are targets of hackers? What information do they have that is of value to malicious actors? 2. How might a phishing email have led to this kind of breach? 3. What can managers do to reduce the threat of third-party (supply chain) vulnerabilities