Air India server hacked; data of 4.5 million consumers compromised, CFO News, ETCFO

Personal details like passport, credit card and frequent flier data of about 4.5 million Air India consumers has been compromised after the airline’s passenger system – managed by SITA – was hit by a cybersecurity attack in February this year, the airline said.

“This is to inform that SITA PSS our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers. This incident affected around 4,500,000 data subjects in the world,” the national carrier said in a statement.

The breach involved personal data registered between 26th August 2011 and 3rd February 2021, with details that included name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data (but no passwords data were affected) as well as credit cards data.

“However, in respect of this last type of data, CVV/CVC numbers are not held by our data processor,” said the airline.

The airline’s statement added that they had received the first notification in this regard from their data processor on 25.02.2021.

“We would like to clarify that the identity of the affected data subjects was only provided to us by our data processor on 25.03.2021 & 5.04.2021. The present communication is an effort to apprise of accurate state of facts as on date and to supplement our general announcement of 19th March 2021 initially made via our website,” the airline further said.

The airline added that they took measures like securing the compromised server to ensure safety of the data were immediately taken:

The airline said that they ‘investigated the data security incident; Securing the compromised servers; Engaging external specialists of data security incidents; Notifying and liaising with the credit card issuers;Resetting passwords of Air India FFP program.’

Further, our data processor has ensured that no abnormal activity was observed after securing the compromised servers, the airline added.

“While we and our data processor continue to take remedial actions including but not limited to the above, we would also encourage passengers to change passwords wherever applicable to ensure safety of their personal data,” read the statement from the airline.

This is not the first time Indian companies are facing cyber attack. In June 2020, Power outage was reported in Mumbai that was reportedly done by the Chinese hackers.

Latest news