Hack Exposes Data Of 4.5 Million Air India Passengers

Air India warns passengers that their personal information, including passport data, has been compromised in SITA software breach

Air India has admitted that at least 4.5 million of its passengers have had their personal data exposed after the hack of an IT system belonging to a third party.

In its statement, Air India admitted that in late February, more than two months ago, SITA – its data processor of the passenger service system (that stores and processes the personal data of passengers) – suffered a ‘cybersecurity attack.’

The hack exposed data belonging to at least 4.5 million people, including names, passport information and payment details (but thankfully not CVV/CVC numbers and passwords).

Data breach

Air India said that it had been first notified of the breach on 25 February, but only learned the identities of affected passengers on 25 March.

“The breach involved personal data registered between 26th August 2011 and 3rd February 2021, with details that included name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data (but no passwords data were affected) as well as credit cards data,” stated the airline. “However, in respect of this last type of data, CVV/CVC numbers are not held by our data processor.”

And it seems that other major airlines may have also been affected, including Star Alliance members such as Singapore Airlines, New Zealand Air and Lufthansa.

It is not clear at the time of writing whether all of the 4.5 million customers impacted are Air India passengers or passengers of other Star Alliance airlines.

“Air India would like to inform its valued customers that its Passenger Service System (PSS) provider has informed about a sophisticated cyber attack it was subjected to in the last week of February 2021,” Air India was quoted by Sky News as saying in a statement.

“While the level and scope of sophistication is being ascertained through forensic analysis and the exercise is ongoing, the service provider has confirmed that post incident, no unauthorised activity inside the PSS infrastructure has been detected,” it said.

A second press release reportedly added that, after the notification of the hack, the steps taken included: “Investigating the data security incident, securing the compromised servers, engaging external specialists of data security incidents, notifying and liaising with the credit card issuers and resetting passwords of Air India Frequent Flyer Program.”

“Further, our data processor has ensured that no abnormal activity was observed after securing the compromised servers,” it reportedly added.

“While we and our data processor continue to take remedial actions including but not limited to the above, we would also encourage passengers to change passwords wherever applicable to ensure safety of their personal data,” it stated.

Airline breaches

This hack of Air India and potentially other Star Alliance airlines comes after other airlines experienced breaches over recent years.

In April 2018 Delta Airlines said credit card details of thousands of customers had been exposed following a cyber attack on a third-party vendor that provided online chat services for the airline.

In August 2018 Air Canada’s mobile app suffered a data breach that may have compromised passport data.

Hong Kong-based airline Cathay Pacific also admitted in 2018 that its “data security event”, which affected passenger data, was much worse than first reported. The airline had previously admitted that the personal data of 9.4 million passengers had been compromised in a hack.

And the breaches have continued.

In May 2020 budget airline easyJet admitted it had been subjected to a “highly sophisticated” cyber-attack that compromised the data of millions of customers.

In October 2020 British Airways was slapped with a record £20 million fine by the British data protection watchdog, the Information Commissioner’s Office (ICO), following a breach of its systems in 2018 that resulted in the data of 400,000 customers being harvested by attackers as it was entered.