An official statement on Friday stated that Air India’s passenger service system provider SITA faced a complex cyber attack in February this year, which resulted in the leakage of 4.5 million personal data, including passengers from national airlines around the world. Personal data registered between August 11, 2011 and February 3, 2021, including name, date of birth, contact information, passport information, ticket information and credit card data, has leaked a certain number of Air India passengers, airlines The statement issued said.
It said: “Although we and our data processors continue to take remedial measures… We also encourage passengers to change their passwords in appropriate places to ensure the security of their personal data.”
The statement said that due to a cyber attack on SITA, the data of 4.5 million passengers worldwide (including those of Air India) have been “affected.”
SITA is headquartered in Geneva, Switzerland.
The airline said: “Air India wants to inform its valued customers that its passenger service system provider has informed it that it suffered a complex cyber attack in the last week of February 2021.”
It added that although the level and scope of complexity were determined through forensic analysis and the exercise is still ongoing, SITA has confirmed that after the incident, no unauthorized activity was detected within the system’s infrastructure.
The airline said: “At the same time, Air India is liaising with various regulatory agencies in India and abroad and has notified them of the incident.”
However, for credit card data, SITA does not hold CVV/CVC numbers, the airline clarified.
It said that the identities of the affected passengers were only provided to it by SITA on March 25 and April 5.
It said that Air India and service providers are conducting risk assessments and will update them further when available.
The airline stated that it has taken the following measures after the data security incident: protect the compromised server, hire external experts to handle the data security incident, notify the credit card issuer and discuss with it, and reset the Air India frequent flyer program password .