Air India Disclosed Data Breach Affecting 4.5M Customers In The Wake Of SITA Breach

Around two months after the SITA cyber attack, Air India has disclosed a data breach in the wake of the incident. The airline confirmed the exposure of personal details of 4.5 million passengers.

Air India Admit Data Breach

The Indian flag carrier airline Air India has disclosed a data breach affecting 4.5 million passengers via a security update.

The airline suffered this cyber-attack following the SITA data breach that happened in March 2021. That breach at the air transport technology giant caused a domino effect impacting numerous airlines globally.

While numerous airlines, predominantly, the STAR Alliance members, made such disclosures back then.

Air India, however, continued with investigations and has shared the details of the incident recently, following a generalized website disclosure.

Sharing the details in a data breach notification, the airline revealed that the incident leaked 4.5 million passengers’ personal data. These mainly include records between August 2011 and February 2021.

Regarding the details of this breached data, the notification reads,

The breach involved personal data registered between 26th August 2011 and 3rd February 2021, with details that included name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data (but no passwords data were affected) as well as credit cards data.

Nonetheless, since the airline does not record CVV/CVC numbers, this detail remained unaffected during the breach.

What Next?

Following this incident, Air India continued with the investigations alongside applying various security measures. These include protecting the compromised servers and notifying the credit card issuers of the matter. For all this, the airline involved cybersecurity specialists.

For now, the airline has assured no ‘abnormal activity’ after strengthening the compromised servers. However, out of caution, they have asked all the passengers to change their passwords. Also, they have reset the passwords for Air India FFP Program from their end.

Let us know your thoughts in the comments.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil