Data of Air India passengers leaked in sophisticated cyberattack

By Sayujya S, Desk Reporter
  • Follow author on
Air India Image
Representational Image

According to an official statement, the passenger service system provider (SITA) of India’s national flag carrier Air India faced a sophisticated cyberattack in February this year leading to leak of personal data of 4.5 million passengers from across the world.

Personal data including name, date of birth, contact information, passport information, ticket information and credit card data which was registered between 11 August, 2011, and 3 February, 2021, has been leaked of a certain number of Air India’s passengers, the statement issued by the airline said.

“While we and our data processor continue to take remedial actions. We would also encourage passengers to change passwords wherever applicable to ensure safety of their personal data,” it said.

Sophisticated cyber attack

Data of 4.5 million passengers, which includes Air India’s passengers, across the world has been “affected” due to the cyberattack on SITA, the statement said. SITA is based out of Geneva in Switzerland.

“Air India would like to inform its valued customers that its passenger service system provider has informed about a sophisticated cyber attack it was subjected to in the last week of February 2021,” the airline said.

While the level and scope of sophistication is being investigated through forensic analysis and the exercise is ongoing, SITA has confirmed that no unauthorized activity has been detected inside the system’s infrastructure after the incident, it added.

“Air India meanwhile is in liaison with various regulatory agencies in India and abroad, and has apprised them about the incident in accordance with its obligations,” the airline said. However, the credit cards’ data like CVV/CVC numbers are not held by SITA, the airline clarified.

Air India along with the service provider is carrying out risk assessment and would further update as and when it becomes available, it said. The airline said it has secured the compromised servers, engaged external specialists of data security incidents, notified and is in talk with the credit card issuers and has also reset the passwords of Air India frequent flyer program.

Related: Cybersecurity leader Trend Micro blocked 62.6bn cyber threats in 2020