Air India reveals data of 4.5 million passengers was stolen in SITA...

Air India reveals data of 4.5 million passengers was stolen in SITA cyberattack

Personal data of about 4.5 million passengers of Air India was leaked in a cyberattack on the airline’s data processor, the Indian state-run carrier Air India said in a statement.

The breach, confirmation of which comes two months after SITA’s Passenger Service System (PSS) was hacked, affected customers who registered between August 2011 and late February 2021. Compromised data includes customers’ name, date of birth, contact information, passport information, frequent flyer data and credit card data, although CVV/CVC numbers weren’t included.

Passwords weren’t accessed by the hackers, although the firm has urged all customers to change their passwords as a precaution.

“This is to inform that SITA PSS our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers,” Air India said in a breach notification.

While the SITA cyber attack was first discovered at the end of February, Air India only understood the severity of the cyber attack last month. “We would like to clarify that the identity of the affected data subjects was only provided to us by our data processor on 25.03.2021 and 5.04.2021,” it added.

The airline said it has taken steps to ensure data safety, including “investigating the data security incident; securing the compromised servers; engaging external specialists of data security incidents; notifying and liaising with the credit card issuers, and resetting passwords of Air India FFP program.”

However, Air India customers are unlikely the only victims of the SITA hack. The company told Bleeping Computer in a statement that customers from several airlines were affected, including travellers who flew with Air New Zealand, Cathay Pacific, Finnair, Jeju Air, Lufthansa, Malaysia Airlines, SAS and Singapore Airlines.

“By global and industry standards, we identified this cyber-attack extremely quickly. The matter remains under active investigation by SITA,” the company said.

“Each affected airline has been provided with the details of the exact type of data that has been compromised, including details of the number of data records within each of the relevant data categories, including some personal data of airline passengers.”

In March, Singapore Airlines disclosed 580,000 of its frequent flyer members were compromised in the cyber attack.

Enjoyed the story? 

Subscribe to our weekly RegTech newsletter and get the latest industry news & research

Copyright © 2018 RegTech Analyst

Investors

The following investor(s) were tagged in this article.

Download the FREE RegTech100 report

FREE

Download the RegTech100 report for 2023 with details on each solution

Essential training, knowledge and forward-thinking in RegTech

Enroll today and get 20% OFF the Professional RegTech Certificate

50,000+ RegTech leaders get exclusive industry stories delivered every week