Air India Reports Data Breach; 45 Lakh Passengers’ Data Compromised

Air India had received the first notification of the cyber attack on 25th February

The breach involved personal data of users registered between 26th August 2011 and 3rd February 2021

While the airline says it is taking remedial actions, the company has advised passengers to change passwords wherever applicable to ensure safety of their personal data

A cyber-attack on the servers of national air carrier Air India resulted in a massive data breach and affected around 45 Lakh customers of the airline, it informed on Friday ( May 21). Leaked details, including passport and credit card information of these passengers, were compromised in the attack, Air India said in a statement.

“As part of our commitment, we would like to inform you that SITA PSS, our data processor of the passenger service system, recently notified Air India of a data security breach involving personal data of certain passengers, including yours,” the airlines said in a communication to the passengers whose data got stolen.

This incident affected around 4,500,000 data subjects in the world. Air India had received the first notification in this regard on 25th February. The company clarified that the identity of the affected users was only clear to them by 25th March and 5th April respectively. “The present communication is an effort to apprise of accurate state of facts as on date and to supplement our general announcement of 19th March 2021 initially made via our website,” said the statement.

The breach involved personal data of users registered between 26th August 2011 and 3rd February 2021, with details that included name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data as well as credit cards data. However the passwords of frequent flyers were not  affected, said the statement. The airline also informed that credit card data like CVV/CVC numbers are not held by Air India data processors.

The company is currently investigating the data security incident. It did mention the exact nature of the attack. The airline is securing the compromised servers and engaging external specialists for data security incidents. Further, it stated that…