Home News Personal Data of 4.5 Mn Passengers Exposed in Air India Data Breach

Personal Data of 4.5 Mn Passengers Exposed in Air India Data Breach

Personal data of 4.5 million Air India travelers has been exposed in a data breach. The attackers were able to access a decade worth of data after compromising SITA Passenger Service System that processes Air India’s passenger data.

Air India Data Breach

While most flight passengers want to make their air travel hassle-free during the pandemic, the growing cyberattacks on the aviation industry have become a challenge for several airlines. Travelers are skeptical and cautious about sharing their personal information with airlines in the wake of heightened security breaches.

Recently, India’s national airline Air India revealed that it sustained a sophisticated data breach in February 2021, which affected over 4.5 million passengers globally, after its data management service provider SITA Passenger Service System (SITA PSS) was hacked by unknown threat actors. SITA PSS is responsible for storing and processing of personal information of Air India passengers.

“While we had received the first notification in this regard from our data processor on February 25, 2021, we would like to clarify that the identity of the affected data subjects was only provided to us by our data processor on March 25 and April 05, 2021. The present communication is an effort to apprise of accurate state of facts as on date and to supplement our general announcement of March 19, 2021, initially made via our website,” Air India said.

 A Decade Worth of Passenger Data

Air India stated the data breach affected passengers who had registered between August 26, 2011, and February 3, 2021. It was found that the attackers managed to access a decade worth of passenger data including names, passport, credit card details, birth dates, contact information, passport information, ticket information, and Air India’s frequent flyer data from the SITA’s systems. However, the company clarified that CVV/CVC numbers were not exposed in the incident.

Measures Taken by Air India After the Data Breach:

  • Investigating the data security incident
  • Securing the compromised servers
  • Engaging external specialists of data security incidents
  • Notifying and liaising with the credit card issuers
  • Resetting passwords of Air India FFP program

While there is no sign of any misuse of users’ leaked data, Air India urged passengers to update their passwords at the earliest to avoid any security risks.

 Multiple Airlines Affected

While SITA disclosed the cyberattack in February 2021, the consequences of it are being exposed recently. SITA provides its services to several global airlines including airports and government agencies. Alongside Air India, Star Alliance and One World airlines were affected by the security incident. Other popular airlines like Finnair, Japan Airlines, Jeju Air, Lufthansa, Air New Zealand, Malaysia Airlines, Cathay Pacific, and Singapore Airlines, which also use SITA’s services, were affected by various security breaches earlier.

Things Affected Flyers Need To Do

If you have booked an Air India flight between August 26, 2011, and February 3, 2021, update all account passwords of online banking and debit/credit card PINs as a precautionary measure. Also, keep a tab on your account transactions. If you find any suspicious transaction, immediately report it to your banker. Usually, cybercriminals leverage leaked data to target users in various phishing attempts. Don’t click on any suspicious links received via SMS or email from an unknown source.