Air India data breach: The cyber-attack that compromised the data of millions of passengers from across the world involved personal data registered between August 26, 2011 and February 20, 2021.
National carrier Air India has notified its passengers of a data breach that occurred in February at the SITA passenger service system. The airline said the breach involved data of 45 lakh passengers being leaked.
What is SITA and how is Air India involved?
SITA is a Switzerland-based technology company specialising in air transport communications and information technology. The company was started by 11 member airlines and now has over 2,500 customers in more than 200 countries. SITA offers services such as passenger processing, reservation systems, etc.
Air India had entered into a deal with SITA in 2017 to upgrade its IT infrastructure to enable it to join Star Alliance.At Air India, SITA also implemented an online booking engine, departure control system, check-in and automated boarding control, baggage reconciliation system and the frequent flyer programme.
What are the details of the Air India data breach?
- In March, Air India had said that SITA had flagged a cyber-attack it was subjected to in the last week of February and said it led to the leak of personal data of some of the airline’s passengers.
- In its notification to the affected passengers, the airline said that the cyber-attack that compromised the data of millions of passengers from across the world involved personal data registered between August 26, 2011 and February 20, 2021.
- It said the breached data included the passenger’s name, date of birth, contact information, passport information, ticket information, frequent flyer data and credit card information.
How did Air India respond to the incident?
- Following the incident, Air India said it took a number of steps. These include securing the compromised servers, engaging external data security specialists, notifying the credit card issuers and reseting the passwords of Air India frequent flyer programmes.
- While Air India assured its passengers that there was no evidence of any “misuse” of the data, it said it was in talks with regulatory agencies in India and overseas and also advised the passengers to change their passwords.