Hackers gain access to personal details of 4.5 million customers

An Air India passenger flight prepares to land at Biju Patnaik International Airport in the … [+]
NurPhoto via Getty Images
Air India has admitted a massive data breach that compromised the personal data of approximately 4.5 million passengers.
The breach, confirmed two months after SITA’s passenger service system (PSS) was hacked, affected customers who checked in between August 2011 and the end of February 2021, Air India said in a statement. Compromised data includes customer name, birth data, contact details, passport information, frequent flyer data, and credit card data, although CVV / CVC numbers were not included.
Hackers did not gain access to the password, Air India added, although it urges all customers to change their passwords as a precaution.
The airline said it first learned of the incident on February 25, but did not learn the identities of the affected passengers until March 25 and May 4.
“This is to inform that SITA PSS, our passenger service system data processor (which is responsible for storing and processing passenger personal information) had recently been subjected to a cybersecurity attack leading to a leak personal data of some passengers, ”Air India said in a violation notification sent over the weekend.
The airline said it had taken steps to ensure data security, including “investigating the data security incident; secure compromised servers; engage external data security incident specialists; notification and liaison with credit card issuers; and Air India FFP program passwords reset. “
However, Air India customers are unlikely to be the only victims of the SITA hack. The company told Bleeping Computer in a statement that customers of several airlines were affected, including travelers who traveled with Air New Zealand, Cathay Pacific, Finnair, Jeju Air, Lufthansa, Malaysia Airlines, SAS and Singapore Airlines.
“By global and industry standards, we identified this cyberattack extremely quickly. The case is still under active investigation by SITA, ”the company said.
“Each affected airline was given details of the exact type of data that was compromised, including details on the number of data records in each of the relevant data categories, including some personal data of airline passengers. “