Hack Exposes Data Of 4.5 Million Air India Passengers

Air India has admitted that at least 4.5 million of its passengers have had their personal data exposed after a hack of an IT system belonging to a third party.

In its statement, Air India admitted that in late February, more than two months ago, SITA – its data processor of the passenger service system (that stores and processes the personal data of passengers) – suffered a ‘cybersecurity attack.’

The hack exposed data belonging to at least 4.5 million people, including names, passport information and payment details (but thankfully not CVV/CVC numbers and passwords).

Data breach

Air India said that it had been first notified of the breach on 25 February, but only learned the identities of affected passengers on 25 March.

“The breach involved personal data registered between 26th August 2011 and 3rd February 2021, with details that included name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data (but no passwords data were affected) as well as credit cards data,” stated the airline. “However, in respect of this last type of data, CVV/CVC numbers are not held by our data processor.”

And it seems that other major airlines may have also been affected, including Star Alliance members such as Singapore Airlines, New Zealand Air and Lufthansa.

It is not clear at the time of writing whether all of the 4.5 million customers impacted are Air India passengers or passengers of other Star Alliance airlines.

“Air India would like to inform its valued customers that its Passenger Service System (PSS) provider has informed about a sophisticated cyber attack it was subjected to in the last week of February 2021,” Air India was quoted by Sky News as saying in a statement.

“While the level and scope of sophistication is being ascertained through forensic analysis and the exercise is ongoing, the service provider has confirmed that post incident, no unauthorised activity inside the PSS infrastructure has been detected,” it said.

A second press release reportedly added that, after the notification of the hack, the steps taken included: “Investigating the data security incident, securing the compromised servers, engaging external specialists of data security incidents, notifying and liaising with the credit card issuers and resetting passwords of Air India Frequent Flyer Program.”

“Further, our data processor has ensured that no abnormal activity was observed after securing the compromised servers,” it reportedly added.

“While we and our data processor continue to take remedial actions including but not limited to the above, we would also encourage passengers to change passwords wherever applicable to ensure safety of their personal data,” it stated.

Airline breaches

This hack of Air India and potentially other Star Alliance airlines comes after other airlines experienced breaches over recent years.

In April 2018 Delta Airlines said credit card details of thousands of customers had been exposed following a cyber attack on a third-party vendor that provided online chat services for the airline.

In August 2018 Air Canada’s mobile app suffered a data breach that may have compromised passport data.

Hong Kong-based airline Cathay Pacific also admitted in 2018 that its “data security event”, which affected passenger data, was much worse than first reported. The airline had previously admitted that the personal data of 9.4 million passengers had been compromised in a hack.

And the breaches have continued.

In May 2020 budget airline easyJet admitted it had been subjected to a “highly sophisticated” cyber-attack that compromised the data of millions of customers.

In October 2020 British Airways was slapped with a record £20 million fine by the British data protection watchdog, the Information Commissioner’s Office (ICO), following a breach of its systems in 2018 that resulted in the data of 400,000 customers being harvested by attackers as it was entered.

Tom Jowitt
