Air India's passenger service system provider, SITA, faced a sophisticated cyberattack in February leading to personal data of passengers being leaked, the airline said.
The details include name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data (but no passwords data were affected) as well as credit cards data, the airline said in a detailed statement uploaded on its website.
The incident affected around 45 lakh "data subjects" in the world and pertained to personal data registered between August, 2011 and February, 2021.
The airline said that it was first notified about the attack on February 2, 2021, and that it was provided the identity of the affected data subjects by its data processor on March 25, 2021 and April 5, 2021.
The airline advised its customers to change their passwords wherever applicable.
Air India said that it is investigating the data security incident and taken a slew of remedial measures to ensure data safety including securing the compromised servers,notifying and liaising with the credit card issuers and resetting passwords of the Air India Frequent Flying Programme.