In a major cyber attack that has hit global airlines, including Air India, data of 45 lakh users have been compromised. The data includes credit card details. The list of affected airlines includes Malaysia Airlines, Finnair, Singapore Airlines, Lufthansa and Cathay Pacific.
In a communique to its affected passengers, Air India informed that its SITA PSS server, which is responsible for storing and processing personal information of fliers, was subject to a cybersecurity attack. The resultant data breach involved personal data registered between August 26, 2011 and February 20, 2021. In this attack, details like name, date of birth, contact information, passport details, ticket information, Star Alliance and Air India frequent flyer data as well as credit card data were leaked.
As for credit card details CVV or CVC numbers were not stored in the affected server, Air India clarified.
"While we had received the first notification in this regard from our data processor on February 25, 2021, we would like to clarify that the identity of the affected data subjects was only provided to us by our data processor on March 25, 2021 and April 5, 2021. The presen communication is an effort to apprise you of accurate state of facts as on date and to supplement our general announcement of March 19, 2021 initially made via our website," Air India said in an email to passengers.
The March 19 notification refers to a data breach alert issued by Air India where the airline said that its Passenger Service System was subject to a sophisticated cyber attack. The national carrier had confirmed that no unauthorised activity inside the PSS infrastructure was detected.
The airline had also urged its passengers to change their passwords wherever applicable to ensure safety of their personal data.