Air India has confirmed that data of up to 4.5 million passengers has been stolen by hackers after the airline suffered a major data breach.
Air India has confirmed that passport information, as well as credit card numbers and passenger names were implicated in the data breach on 4.5 million passengers.
The news comes roughly two months after an IT provider who works closely with airlines such as Air India, SITA, was targeted by a cyberattack looking to compromise sensitive information like passport and credit card details.
Get ISO 27001 – Information Security – Certification With Best Practice
Air India says that SITA notified the airline back in February that its data processing services had been targeted by hackers. SITA said that it was the victim of a “highly sophisticated attack” that impacted a number of airlines that the multinational works with in the aviation industry.
The company said that personal and financial data of customers that flew with Air India between August 2011 and February 2021 were impacted. This is said to amount to 4.5 million passengers that have had their sensitive information stolen by hackers.
It’s understood that while Air India was first notified of the data breach launched against SITA’s data processing services in February, Air India only disclosed its personal involvement last week.
SITA provides data processing services to airline members of the Star Alliance, which includes major airlines like Air New Zealand, Singapore AIrlines, Lufthansa, Air China, Thai Airways, Japan’s ANA and Aegean.
Some members of the Star Alliance notified customers back in March their IT services may have been implicated in a cyber attack, but said the data mainly related to frequent flyer numbers and passenger names.
Air India Confirms Data of 4.5 Million Passengers Stolen By Hackers
Air India has released a statement saying that “this is to inform that SITA PSS, our data processor of the passenger service system (which is responsible for storage and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers.”
Air India said that the data breach “affected around 4,500,000 data subjects in the world,” adding that “while the level and scope of sophistication is being ascertained through forensic analysis and exercise is ongoing, the service provider has confirmed that post incident, no unauthorised activity inside the PSS infrastructure has been detected.”
The airline added that it was “investigating the data security incident; surfing the compromised servers; engaging external specialists of data security incidents; notifying and liaising with the credit card issuers, and resetting passwords of Air India frequent flyer program.”
“While we and our data processor continue to take remedial actions including but not limited to the above, we would also encourage passengers to change passwords wherever applicable to ensure safety of their personal data.”
“We deeply regret the inconvenience caused and appreciate continued support and trust of our passengers,” the airline added.
