Air India Data Leak: Air India on Friday confirmed that personal data of 45 lakh passengers globally have been leaked in a recent cybersecurity attack. Hackers targeted Air India’s passenger service system, which exposed crucial information of passengers including credit card and passport details, name and email ID, among others. Also Read - Acer India data leak: More than 50GB personal data of users leaked in a massive breach
“This is to inform that SITA PSS our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers. This incident affected around 4,500,000 data subjects in the world,” Air India noted in an official statement released on Friday. Also Read - Beware of Joker Malware infected Android Apps: Here's how it affects your private data
Air India data breach explained
The cybersecurity breach involved personal data registered with the airline between August 26, 2011 and February 3, 2021. The exposed data of passengers include name, date of birth, contact information, passport information, ticket information and credit cards details. Air India clarified that CVV/CVC data of the credit card holders were not stored in the company’s database. Also Read - Dark Web Alert! Domino's India data of 180 million orders leaked online
“The breach involved personal data registered between 26th August 2011 and 3rd February 2021, with details that included name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data (but no passwords data were affected) as well as credit cards data. However, in respect of this last type of data, CVV/CVC numbers are not held by our data processor,” the airline stated.
“While we had received the first notification in this regard from our data processor on 25.02.2021, we would like to clarify that the identity of the affected data subjects was only provided to us by our data processor on 25.03.2021 & 5.04.2021. The present communication is an effort to apprise of accurate state of facts as on date and to supplement our general announcement of 19th March 2021 initially made via our website,” the airline added.
Air India has requested all passengers to change the passwords to their account on the official Air India website as well as wherever else applicable.