Air India Reports Data Breach; 45 Lakh Passengers’ Data Compromised

Air India Reports Data Breach; 45 Lakh Passengers’ Data Compromised

SUMMARY

Air India had received the first notification of the cyber attack on 25th February

The breach involved personal data of users registered between 26th August 2011 and 3rd February 2021

While the airline says it is taking remedial actions, the company has advised passengers to change passwords wherever applicable to ensure safety of their personal data

A cyber-attack on the servers of national air carrier Air India resulted in a massive data breach and affected around 45 Lakh customers of the airline, it informed on Friday ( May 21). Leaked details, including passport and credit card information of these passengers, were compromised in the attack, Air India said in a statement.

“As part of our commitment, we would like to inform you that SITA PSS, our data processor of the passenger service system, recently notified Air India of a data security breach involving personal data of certain passengers, including yours,” the airlines said in a communication to the passengers whose data got stolen.

This incident affected around 4,500,000 data subjects in the world. Air India had received the first notification in this regard on 25th February. The company clarified that the identity of the affected users was only clear to them by 25th March and 5th April respectively. “The present communication is an effort to apprise of accurate state of facts as on date and to supplement our general announcement of 19th March 2021 initially made via our website,” said the statement.

The breach involved personal data of users registered between 26th August 2011 and 3rd February 2021, with details that included name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data as well as credit cards data. However the passwords of frequent flyers were not  affected, said the statement. The airline also informed that credit card data like CVV/CVC numbers are not held by Air India data processors.

The company is currently investigating the data security incident. It did mention the exact nature of the attack. The airline is securing the compromised servers and engaging external specialists for data security incidents. Further, it stated that affected credit card issuers are being informed. The passwords for frequent flyer programs are also being reset.

While the airline has confirmed that they are taking remedial actions they also encourage passengers to change passwords wherever applicable to ensure safety of their personal data.

“Further, our data processor has ensured that no abnormal activity was observed after securing the compromised servers. The protection of our customers’ personal data is of highest importance to us and we deeply regret the inconvenience caused and appreciate continued support and trust of our passengers,” said the airline.

Why Indian Cos Remain Vulnerable To Data Breach

The Air India data breach is the second such incident in recent times. Some data servers of Indigo airlines were hacked in December. 

Recently, India stood 19th on the ranking of 21 countries in the National Privacy Test, according to the recent survey by virtual private network (VPN) provider NordVPN. The survey was launched in November 2020 and assessed the digital habits, privacy awareness and risk tolerance of over 48K participants from around the world.

According to the data shared by state-owned Indian Computer Emergency Response Team (CERT-In), over 26,100 Indian websites were hacked in 2020. This included 110 central ministry websites, 54 departmental websites and 59 state government websites. On the other hand,  17,560 websites were hacked in 2018 and 24,768 were hacked in 2019.

Indian government had decided to strengthen the country’s cybersecurity infrastructure by launching a policy in January 2020, but there hasn’t been an update on that front since then. The government has taken other measures like Cyber Swachhta Kendra (or botnet cleaning and malware analysis centre), formulation of cyber crisis management plan, and empanelment of security auditing organisations to support and audit the implementation of best practices.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
Unlock 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
Unlock 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

Air India Reports Data Breach; 45 Lakh Passengers’ Data Compromised-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

Air India Reports Data Breach; 45 Lakh Passengers’ Data Compromised-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

Air India Reports Data Breach; 45 Lakh Passengers’ Data Compromised-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

Air India Reports Data Breach; 45 Lakh Passengers’ Data Compromised-Inc42 Media
Air India Reports Data Breach; 45 Lakh Passengers’ Data Compromised-Inc42 Media
You’re in Good company