Massive Air India Data Breach Affects 45 Lakh Customers
New Delhi: Air India customer data including credit cards, passports and phone numbers for 10 years have been leaked following a massive cyber-attack on the data processor in February, announced the airline.
Around 45 lakh customers have been affected by the incident from August 26, 2011 to February 3, 2021, Air India said.
Names, date of birth, contact information and ticket information have also been compromised in the ‘highly sophisticated’ attack. The attack targeted Geneva-based passenger system operator SITA that serves the Star Alliance of airlines including Singapore Airlines, Lufthansa and United besides Air India.
“SITA PSS our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers. This incident affected around 4,500,000 data subjects in the world,” Air India was quoted as saying in an email to customers by NDTV.
“While we had received the first notification in this regard from our data processor on 25.02.2021, we would like to clarify that the identity of the affected data subjects was only provided to us by our data processor on 25.03.2021 and 5.04.2021,” the airline added.
“The breach involved personal data registered between 26th August 2011 and 3rd February 2021, with details that included name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data (but no passwords data were affected) as well as credit cards data. However, in respect of this last type of data, CVV/CVC numbers are not held by our data processor,” Air India said.