Massive Air India Data Breach Affects 45 Lakh Passengers

Air India on Friday reported having experienced a massive cyber data breach where the personal information of 45 lakh passengers was leaked. The data violation has impacted other global airlines like Malaysia Airlines, Finnair, Singapore Airlines, Lufthansa, and Cathay Pacific. 

The breach involving personal information registered between August 26, 2011, and February 3, 2021, included name, date of birth, contact information, passport information, ticket information, 'Star Alliance' and 'Air India' frequent flyer data as well as credit card details of the passengers. Only VV or CVC numbers were saved from the hands of the hacker as they were not stored in the affected server. 

Air India’s data processor, SITA PSS recently faced a cyber-security attack leading to data disclosure of few passengers. 

Later, the airline said the data processor has ensured that no abnormal activity was observed after securing the compromised servers.

SITA informed Reuters that the "matter remains under active investigation". 

To restore operations, the airline has contacted the affected customers and urged them to change their passwords that lead to their personal data. 

In its attempt to secure the compromised data Air India is consulting external cybersecurity experts along with few credit card issuers. 

“The airline is embroiled in a legal battle with British firm Cairn Energy with pressure on the Indian government to pay a $1.2 billion arbitration award that Cairn was awarded by an arbitration tribunal in December,” Reuters wrote.