In a major cyber attack, the passenger data of 6 global airlines including Air India has been leaked, the list of other affected airlines also includes Malaysia Airlines, Finnair, Singapore Airlines, Lufthansa, and Cathay Pacific.
The per the details shared by the various media groups, the data of 45 lakh users have been compromised. The data includes credit card and passport details.
In a communique to its affected passengers, Air India informed that its SITA PSS server, which is responsible for storing and processing personal information of fliers, was subject to a cybersecurity attack.
“The breach involved personal data registered between 26th August 2011 and 20th February 2021, with details that included name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data (but no passwords data were affected) as well as credit cards data.” said the statement issued by Air India stated.
As for credit card details, CVV or CVC numbers were not stored in the affected server, Air India clarified.
“Our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers. This incident affected around 4,500,000 data subjects in the world,” Air India further added.
The state-owned flight operator further noted that it had received the first notification related to the data breach from its data processor on February 25, 2021. However, the identity of affected data subjects was provided on March 25 and May 4, it added.