A massive data breach on Air India's passenger service system has led to exposure of personal information belonging to lakhs of passengers. The national air carrier confirmed the cybersecurity attack on Friday, where it also revealed that details of 45 lakh passengers, including their credit card information and passport details, have been compromised.
"This is to inform that SITA PSS our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers. This incident affected around 4,500,000 data subjects in the world," read a statement released by Air India.
Air India data breached in a major Cyber attack. Breach involves Passengers personal Information including Credit Card Info and Passport Details. Other Global Airlines are likely affected too.#airindia #CyberAttack @airindiain@rahulkanwal @sanket @maryashakil pic.twitter.com/XxUORgInJQ
— Jiten Jain (@jiten_jain) May 21, 2021
Air India data breach: How serious is it?
According to the official statement, the data breach included names, date of birth, contact information, passport information, ticket information as well as credit cards data registered with the airline between August 26, 2011 and February 3, 2021. Air India said that it was first notified about the breach on February 25 and the identify of those affected was received on March 25 and April 25.
"The present communication is an effort to apprise of accurate state of facts as on date and to supplement our general announcement of 19th March 2021 initially made via our website," the statement further said.
Air India has requested all of its passengers to change the passwords to their accounts on its website and also in other accounts that use a similar password. The airline also clarified that the CVV/CVC data of the credit card holders was not stored on its servers, hence safe from the cyberattack.