Data of 4.5 million Air India passengers leaked
Air India's passenger service system provider SITA faced a sophisticated cyber attack in the last week of February this year leading to the leaking of personal data of 4.5 million passengers, which included passengers of the national carrier from across the world, an official statement by the Air India said on Friday. SITA is based out of Geneva in Switzerland.
Data registered between August 11, 2011-February 3, 2021 compromised
Personal data, including name, date of birth, contact information, passport information, ticket information, and credit card data, which was registered between August 11, 2011, and February 3, 2021, has been leaked of a certain number of Air India's passengers, the statement issued by the airline said. However, with respect to credit card data, CVV/CVC numbers are not held by SITA, the airline clarified.
No unwarranted activity has been detected since
While the level and scope of sophistication of the cyber attack are being ascertained through forensic analysis, SITA has confirmed that no unauthorized activity has been detected inside the system's infrastructure after the incident. "We and our data processor are taking remedial actions. Meanwhile, we would encourage passengers to change passwords wherever applicable to ensure the safety of their personal data," the airline said.
Regulatory agencies have been informed about the incident
"Air India in the meantime is in liaison with various regulatory agencies in India and abroad, and has apprised them about the incident in accordance with its obligations," the airline said. It further added that the identity of its affected passengers was provided to the organization by SITA on March 25 and April 5 only.
Airline has taken necessary steps to ensure safety
Air India along with the service provider is carrying out a risk assessment and would further update as and when it becomes available. The airline has taken the following steps after the incident: Secured the compromised servers, engaged external specialists of data security incidents, notified and in talks with the credit card issuers, and reset the passwords of the Air India frequent flyer program.