SINGAPORE: Singapore Airlines (SIA) has performed checks and confirmed that there are no unauthorised codes on its payment webpage, as a precaution following a recent British Airways data breach which saw the details of 380,000 bank cards stolen.
Senior Minister of State for Transport Janil Puthucheary revealed this in Parliament on Tuesday (Oct 2), in response to a question from Member of Parliament Saktiandi Supaat, about how local airlines are guarding against such data breaches.
"SIA is mindful that sophisticated attackers will continue to probe for vulnerabilities, and will remain vigilant and conduct regular checks and penetration tests on all scripts on its website," he said. "It will also continue to observe stringent data security standards for credit card payment processing."
Dr Puthucheary pointed out that the British Airways data breach and the SingHealth cyberattack, which saw the personal data of 1.5 million SingHealth patients stolen, are "sharp reminders" that with the greater adoption of digitalisation, all industries face cybersecurity threats.
"Our operating assumption is that our airlines will be targets, and they must do their best to protect themselves against such threats, and have a robust plan to prevent, detect, and recover should an attack succeed," he said. "They must also exercise their plan regularly so that all staff are fully aware of such a threat and take it seriously."
Furthermore, the Civil Aviation Authority of Singapore, which is the cybersecurity lead for the aviation sector, also works closely with Singapore carriers to strengthen their cybersecurity capabilities, he said.
Cyber threats, he said, are monitored through their security operations centres, and they carry out regular testing of their websites for vulnerabilities and screening for malicious web traffic.
They also closely monitor reports of breaches, and collaborate with others on cybersecurity.
He added that with respect to the security of passenger data, Singapore carriers are also required to comply with the Personal Data Protection Act and the data protection regulations of other states which they fly to.