45 Lakh Affected In Massive Air India Data Breach Including Credit Cards

The 10-year customer data of Air India including the credit cards, passports and phone numbers has been released in a major cyber attack on its data processor in February, the airline announced.

The incident affected about 45 lakh customers registered between August 26, 2011 and February 3, 2021, Air India said, revealing the extent of the breach about three months after it was first notified.

Names, birthdays, contact details and ticket details have also been tampered with in the ‘most iconic’ attack targeted at SITA a Geneva-based passenger system operating for Star Alliance for flights including Singapore Airlines, Lufthansa and United outside Air India.

Air India said that SITA PSS their passenger system data processor (responsible for storing and processing passenger personal information) has recently been hit by a cyber attack that has resulted in the leaking of personal passenger personal data. The incident has affected an estimated 4,500,000 data titles worldwide.

He added saying that when they received the first notification in this regard from our data processor on 25.02.2021, they would like to clarify that the ownership of the affected data titles was given to us only by their data processor on 25.03.2021 and 5.04.2021.

The airline said that the violations include personal details registered between August 26, 2011 and February 3, 2021, with details including name, date of birth, contact details, passport details, ticket details, Star Alliance and Air India (but there are no password details involved and credit card data. He said that however, in the case of this last type of data, CVV / CVC numbers are not held by their data processor.

45 Lakh Affected In Massive Air India Data Breach Including Credit Cards
45 Lakh Affected In Massive Air India Data Breach Including Credit Cards

Air India said it had launched an investigation into the incident and took steps to protect vulnerable servers, involving external data security experts, contacting credit card issuers and resetting passwords for its regular system.

The organisation said that while they and their data processors continue to take corrective measures … They also encourage passengers to change their passwords wherever possible to ensure the security of their data.

ISITA announced the incident for the first time in March, prompting about a dozen airlines, including Singapore Airlines and Malaysia Airlines, to inform passengers that some of their details had been obtained by a passenger.

Last year British Airways received a fine of Rs 20 million (over over 180 crore) after failing to protect data that left more than 4 lakh details of its customers in the wake of the 2018 cyber attack.

Other major cyber incidents in the past include another London-based airline, EasyJet, which last year hijackers received email and travel information for about 90 lakh customers.

About Staff reporter

Check Also

The Quantity of Covid Beds in Kolkata Hospitals Would Be Reduced

As the third wave of illnesses fades quickly, several hospitals expect to reduce the number of covid beds to the lowest level since the epidemic began in 2020.

Leave a Reply

Your email address will not be published. Required fields are marked *