In a massive cyberattack, ten years’ worth of Air India customer data including credit cards, passports and phone numbers were leaked in February, the airline said.
The data breach has compromised the personal data of nearly 45,00,000 people, registered between 26th August 2011 and 3rd February 2021. The data leak was caused by a sophisticated cyberattack on Geneva-based passenger service system provider SITA, which serves Star Alliance of airlines including Singapore Airlines, Lufthansa, and United besides Air India.
In an email to customers, Air India said, SITA PSS, our data processor of the passenger service system, had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers. This incident affected around 4,500,000 data subjects in the world.
It further said that the breach involved personal data registered between 26 August 2011 and 3 February 2021, with details that included name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data (but no passwords data were affected) as well as credit cards data.
While the airline had received the first notification in this regard from their data processor on February 25, 2021, the identity of the affected data subjects was only provided to them on March 25, 2021 and April 5, 2021. As the data processor continues to take remedial actions, the airline company has encouraged passengers to change passwords wherever applicable to ensure safety of their personal data.
Read Also: Chipko movement pioneer Sunderlal Bahuguna, 94, succumbs to Covid-19
Last year, a data breach of more than 4 lakh customers of British Airways occurred, which incurred over ₹ 180 crores fine to the company. In the recent past, London-listed airline EasyJet failed to protect the data of around 90 lakh customers; the hackers had accessed the email and travel details.