Another day, and here comes another cyber attack incident. This time it is a massive one and has affected many in India as well as globally. Personal data of 45 lakh Air India passengers globally has been leaked in a recent cybersecurity attack, and this has been confirmed by the airline itself. Also Read – Domino’s India data leak: Credit card details of 10 lakh users worth for Rs 4 crore put on sale
Hackers reportedly targeted Air India’s passenger service system that exposed crucial information such as credit card and passport details, among others. The incident was verified by the airline on Friday. Also Read – COVID-19 themed cyber-attack surge by 114 percent in Q4 2020: McAfee
In an official statement, Air India stated, “This is to inform that SITA PSS our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers. This incident affected around 4,500,000 data subjects in the world.”
The cybersecurity breach involved personal data registered with the airline between August 26, 2011 and February 3, 2021. The exposed data of passengers include name, date of birth, contact information, passport information, ticket information and credit cards details. Air India clarified that CVV/CVC data of the credit card holders were not stored in the company’s database.
Data of 4.5 million passengers — which includes Air India’s passengers — across the world has been “affected” due to the cyberattack on SITA, the statement said.
SITA is based out of Geneva in Switzerland.
“Air India would like to inform its valued customers that its passenger service system provider has informed about a sophisticated cyber-attack it was subjected to in the last week of February 2021,” the airline said.
Air India along with the service provider is carrying out risk assessment and would further update as and when it becomes available, it said.
The airline said it has taken following steps after the data security incident: Secured the compromised servers, engaged external specialists of data security incidents, notified and in talk with the credit card issuers and reset the passwords of Air India frequent flyer programme. PTI