Air India has reported a huge data breach that exposed around 4.5 million passengers' personal information.
Registered customers between August 2011 and late February 2021 were compromised by the security incident. It was confirmed two months after the Passenger Service System (PSS) of SITA was compromised, according to Air India’s statement.
The names, contact details, dates of birth, credit card information, passport data, and frequent flyer data, of the customers, were all breached. However, the CVV/CVC numbers were not affected.
The hackers did not get access to passwords, as per Air India. But, the company is advising its customers that passwords should be changed as a safeguard.
In a notification to passengers, Air India said, "This is to inform that SITA PSS our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers."
The airline stated that it had taken measures to protect data privacy. It also said that it conducted an investigation on the security breach.
Moreover, Air India had patched the hacked systems, consulted with external specialists, contacted credit card companies, and updated its frequent flyer program’s passwords.
On February 25, the airline revealed it initially learned about the issue. While, on March 25 and May 4, the identities of those who were impacted, were revealed.
The Indian airline said, “By global and industry standards, we identified this cyber-attack extremely quickly. The matter remains under active investigation by SITA.”
“Each affected airline has been provided with the details of the exact type of data that has been compromised, including details of the number of data records within each of the relevant data categories, including some personal data of airline passengers,” it added.
Customers of Air India are probably to be not the only ones affected by the SITA breach. Customers who traveled on Singapore Airlines, Jeju Air, Air New Zealand, Malaysia Airlines, Cathay Pacific, SAS, Finnair, and Lufthansa were among those compromised.
Some of the airlines, as well as Air India, are members of the Star Alliance, a worldwide airline alliance that consists of 26 members, including Europe’s biggest airline, Lufthansa.
In previous months, Air India has become the latest Indian company to reveal a cyber attack. On the other hand, Spicejet, Air India's competitor, also reported a data hack last year.