A major cyber attack has hit global airlines including Air India, in which personal data of 45 lakh users have been compromised.
The national carrier issued a statement on Friday informing its passengers that its SITA PSS server, which is responsible for storing and processing personal information of fliers, was subject to a cybersecurity attack. The resultant data breach involved personal data registered between August 26, 2011 and February 20, 2021.
In this attack, details like name, date of birth, contact information, passport details, ticket information, Star Alliance and Air India frequent flyer data as well as credit card data were leaked. The cyber attack has also affected passengers of other airlines such as Malaysia Airlines, Finnair, Singapore Airlines, Lufthansa and Cathay Pacific.
However, the airline said that CVV/CVC numbers of customers’ credit cards were not held by its data processor, hence there is no fear of leak.
“This is to inform that SITA PSS our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers. This incident affected around 4,500,000 data subjects in the world,” read a statement released by Air India.
The national carrier received the first information regarding the data breach on February 25, and the identity of the affected data subjects was received on March 25 and April 5.
“The present communication is an effort to apprise of accurate state of facts as on date and to supplement our general announcement of March 19, 2021, initially made via our website,” the statement further said.
Apprising passengers of the situation, the airlines requested all to change the passwords to their accounts on the Air India website and wherever else applicable.
“While we and our data processor continue to take remedial actions including but not limited to the above, we would also encourage passengers to change passwords wherever applicable to ensure safety of their personal data. The protection of our customers’ personal data is of highest importance to us and we deeply regret
the inconvenience caused and appreciate continued support and trust of our passengers,” Air India said in the statement.