Air India cyber attack exposes 4.5 million customers’ data

The breach involved personal data registered over a ten year period including credit card, passport and date of birth information

Air India has stated that a cyber attack three months ago on the systems of its data processor, SITA, has affected around 4.5 million of its customers around the world.

The breach involved personal data registered over a ten year period, between 26 August 2011 and 3 February 2021. The details exposed include name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data, and credit card data.

“However, in respect of this last type of data, CVV/CVC numbers are not held by our data processor,” the company stated in a release.

Air India first received news of the incident from SITA on 25 February, but only found out the identity of the affected data subjects on 25 March and 5 April. Following the breach, a number of steps were taken including securing the compromised servers and notifying and liaising with credit card issuers.

A spokesperson from SITA told IT Pro that its passenger processing services were the target of a “highly sophisticated but limited cyber attack” which affected passenger data stored on servers in SITA PSS’s data centre in Atlanta, Georgia.

Related Resource

Defend your organisation from evolving ransomware attacks

Learn what it takes to reduce risk and strengthen operational resiliency

Defend your organisation from evolving ransomware attacks - whitepaper from VeritasDownload now

“By global and industry standards, we identified this cyber-attack extremely quickly. The matter remains under active investigation by SITA,” said the spokesperson.

The airline is encouraging its passengers to change passwords to ensure the safety of their personal data. 

In February this year, SITA disclosed that hundreds of thousands of passengers had their data stolen following a cyber attack on its systems. The company suffered a data breach on 24 February involving a portion of passenger data stored on its servers, which operate passenger processing systems on behalf of airlines including those compromising the Star Alliance group.

Featured Resources

The definitive guide to warehouse efficiency

Get your free guide to creating efficiencies in the warehouse

Free download

The total economic impact™ of Datto

Cost savings and business benefits of using Datto Integrated Solutions

Download now

Three-step guide to modern customer experience

Support the critical role CX plays in your business

Free download

Ransomware report

The global state of the channel

Download now

Recommended

Wipro and Google Cloud launch cloud innovation space in India
Cloud

Wipro and Google Cloud launch cloud innovation space in India

20 Sep 2021
Victoria launches $50 million cyber strategy
Policy & legislation

Victoria launches $50 million cyber strategy

20 Sep 2021
AWS to launch cloud services reseller in Australia
Amazon Web Services (AWS)

AWS to launch cloud services reseller in Australia

17 Sep 2021
Cyber crime in Australia increased 13% in the last year
cyber crime

Cyber crime in Australia increased 13% in the last year

15 Sep 2021

Most Popular

What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
Google takes down map showing homes of 111,000 Guntrader customers
data breaches

Google takes down map showing homes of 111,000 Guntrader customers

2 Sep 2021
Intuit plans end-to-end SMB platform after $12 billion Mailchimp acquisition
mergers and acquisitions

Intuit plans end-to-end SMB platform after $12 billion Mailchimp acquisition

14 Sep 2021