In what could be termed as the biggest cyberattack in India, the data of more than 45 lakh users of global airlines including Air India have been compromised. This includes personal data such as credit card details and passport information.
The data breach carries the information between August 2011 and February 2021.
Besides Air India, global airlines like Malaysia Airlines, Finnair, Singapore Airlines, Lufthansa, and Cathay Pacific’s data have also been stolen.
Air India tweeted to inform its affected passengers that its SITA PSS server, which is responsible for storing and processing personal information of fliers, was subject to a cybersecurity attack. The data breach involved personal data registered between August 26, 2011 and February 20, 2021. The data includes sensitive information such as name, date of birth, contact information, passport details, ticket information, Star Alliance and Air India frequent flyer data as well as credit card data were leaked.
As for credit card details, CVV or CVC numbers were not stored in the affected server, Air India clarified.
"While we had received the first notification in this regard from our data processor on February 25, 2021, we would like to clarify that the identity of the affected data subjects was only provided to us by our data processor on March 25, 2021, and April 5, 2021. The present communication is an effort to apprise you of accurate state of facts as on date and to supplement our general announcement of March 19, 2021, initially made via our website," Air India said in an email to passengers.
The national carrier had further revealed that no unauthorised activity inside the PSS infrastructure was detected and urged its passengers to quickly change their passwords wherever applicable to ensure the safety of their personal data.