Air India has announced today that it’s customer data including credit cards, passports and phone numbers have been leaked in a massive cyber-attack on its data processor that happened this February 2021.
Around 10 years’ worth of data has been compromised.
The incident has affected around 45 lakh customers registered between 26th August 2011 and 3rd February 2021, Air India said, disclosing the scale of the breach nearly three months after it was first informed of it.
Names, date of birth, contact information and ticket information have also been compromised in the ‘highly sophisticated’ attack that targeted Geneva-based passenger system operator SITA that serves the Star Alliance of airlines including Singapore Airlines, Lufthansa and United besides Air India.
Thankfully, passwords were not compromised
This is the second major airline data breach in last six months. Last December, some servers of IndiGo were also hacked and the airline had said there was a “possibility that some internal documents may get uploaded by the hackers on public websites and platforms.”
Air India said it has taken steps to ensure data safety, including “investigating the data security incident; securing the compromised servers; engaging external specialists of data security incidents; notifying and liaising with the credit card issuers and resetting passwords of Air India FFP program.
The airline also advises users to change their passwords wherever applicable to ensure safety of their personal data.
Also to be noted, CVV/CVC numbers of credit cards are not held by Air India’s data processor, so they are not affected by this breach.
Follow us on Facebook and Twitter for more security news and tech tips.
Author
