Credit card, passport details of 45 lakh Air India flyers stolen in massive cyber attack

<p>
<strong>Air India customer data including details of credit cards, passports and phone numbers have been leaked in a massive cyber-attack on its data processor in February this year, the national airline has disclosed.</strong></p>
<p>
Air India said the incident has affected around 45 lakh customers registered between 26th August 2011 and 3rd February 2021 and has now advised them to change their passwords to safeguard against fraud.</p>
<p>
The airline has made the disclosure on the huge magnitude of the leak  nearly three months after it came to know about it.</p>
<p>
"While we and our data processor continue to take remedial actions…We would also encourage passengers to change passwords wherever applicable to ensure safety of their personal data," Air India said in a message to its customers,</p>
<p>
The names, date of birth, contact information and ticket information have also been compromised in the 'highly sophisticated' attack that targeted Geneva-based passenger system operator SITA that serves the Star Alliance of airlines including Singapore Airlines, Lufthansa and United besides Air India.</p>
<p>
"SITA PSS our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers. This incident affected around 4,500,000 data subjects in the world," Air India said in an email to customers.</p>
<p>
"While we had received the first notification in this regard from our data processor on 25.02.2021, we would like to clarify that the identity of the affected data subjects was only provided to us by our data processor on 25.03.2021 and 5.04.2021," it added.</p>
<p>
"The breach involved personal data registered between 26th August 2011 and 3rd February 2021, with details that included name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data (but no passwords data were affected) as well as credit cards data. However, in respect of this last type of data, CVV/CVC numbers are not held by our data processor," the airline said.</p>
<p>
Air India said it had launched an investigation into the incident and took steps including securing the compromised servers, engaging external specialists of data security incidents, contacting credit card issuers and resetting passwords of its frequent flyer programme.</p>
<p>
SITA had publicly announced the incident first in March prompting almost a dozen different airlines including Singapore Airlines and Malaysia Airlines to inform passengers that some of their data was accessed by an intruder.</p>
<p>
In a similar incident last year, British Airways had pay a 20 million-pound fine for failing to protect data that exposed more than 4 lakh of its customers' details to a hackers in 2018.</p>