Air India data breach: Personal info of 45 lakh people leaked due to 'sophisticated cyberattack' - India News
Air India data breach: Personal info of 45 lakh people leaked due to 'sophisticated cyberattack'
Air India has suffered a major data breach affecting nearly 45 lakh people worldwide. The leaked data included people's personal details like name, date of birth, contact information, passport information, ticket details and credit card data.
ADVERTISEMENT
Poulomi Saha
New Delhi
May 22, 2021UPDATED: May 22, 2021 14:22 IST
The leaked data was registered between August 26, 2011 and February 3, 2021. (File photo)
Amassive breach in Air India's server this February led to compromising personal data of nearly 45,00,000 people worldwide. The leaked data was collected between August 26, 2011 and February 20, 2021.
This included people's personal details like name, date of birth, contact information, passport information, ticket details, credit card data, among others.
The massive data leak was caused by a "sophisticated cyberattack" on Air India's passenger service system provider SITA.
"While we and our data processor continue to take remedial actions...We would also encourage passengers to change passwords wherever applicable to ensure safety of their personal data," Air India said in a statement.
CHECK THESE OUT
MORE
Exclusive: Picture of absconding murder accused Sushil Kumar sitting in a car in Meerut surfaces
Exclusive: Picture of absconding murder accused Sushil Kumar sitting in a car in Meerut surfaces
TRENDING
Will face sedition charges if I speak too much: BJP MLA on Uttar Pradesh govt’s handling of Covid
Will face sedition charges if I speak too much: BJP MLA on Uttar Pradesh govt’s handling of Covid
RECOMMENDED
Can pregnant, lactating women take Covid vaccine? Top doctors answer all your queries
Can pregnant, lactating women take Covid vaccine? Top doctors answer all your queries
RECOMMENDED
ALSO READ | Air India servers hacked, credit card details of fliers stolen: What we know so far
It added that data of 4.5 million passengers -- which includes Air India's passengers -- across the world has been "affected" due to the cyberattack on SITA. SITA is based out of Geneva in Switzerland.
"Air India would like to inform its valued customers that its passenger service system provider has informed about a sophisticated cyberattack it was subjected to in the last week of February 2021," the airline said in its statement.
It added that while the level and scope of sophistication is being ascertained through forensic analysis and the exercise is ongoing, SITA has confirmed that no unauthorised activity has been detected inside the system's infrastructure after the incident.
ADVERTISEMENT
"Air India meanwhile is in liaison with various regulatory agencies in India and abroad, and has apprised them about the incident in accordance with its obligations," the airline said.
ALSO READ | Mobikwik data breach said to be largest KYC leak, personal data of 3.5 million users up for sale on dark web
In regard to credit cards' data, Air India clarified that CVV/CVC numbers are not held by SITA.
It said that the identity of its affected passengers was provided to it by SITA on March 25 and April 5 only.
Air India along with the service provider is carrying out risk assessment and would further update as and when it becomes available, it said.
The airline said it has taken following steps after the data security incident: Secured the compromised servers, engaged external specialists of data security incidents, notified and in talk with the credit card issuers and reset the passwords of Air India frequent flyer programme.
Air India has suffered a major data breach affecting nearly 45 lakh people worldwide. The leaked data included people's personal details like name, date of birth, contact information, passport information, ticket details and credit card data.
ADVERTISEMENT
Poulomi Saha
New Delhi
May 22, 2021UPDATED: May 22, 2021 14:22 IST
The leaked data was registered between August 26, 2011 and February 3, 2021. (File photo)
Amassive breach in Air India's server this February led to compromising personal data of nearly 45,00,000 people worldwide. The leaked data was collected between August 26, 2011 and February 20, 2021.
This included people's personal details like name, date of birth, contact information, passport information, ticket details, credit card data, among others.
The massive data leak was caused by a "sophisticated cyberattack" on Air India's passenger service system provider SITA.
"While we and our data processor continue to take remedial actions...We would also encourage passengers to change passwords wherever applicable to ensure safety of their personal data," Air India said in a statement.
CHECK THESE OUT
MORE
Exclusive: Picture of absconding murder accused Sushil Kumar sitting in a car in Meerut surfaces
Exclusive: Picture of absconding murder accused Sushil Kumar sitting in a car in Meerut surfaces
TRENDING
Will face sedition charges if I speak too much: BJP MLA on Uttar Pradesh govt’s handling of Covid
Will face sedition charges if I speak too much: BJP MLA on Uttar Pradesh govt’s handling of Covid
RECOMMENDED
Can pregnant, lactating women take Covid vaccine? Top doctors answer all your queries
Can pregnant, lactating women take Covid vaccine? Top doctors answer all your queries
RECOMMENDED
ALSO READ | Air India servers hacked, credit card details of fliers stolen: What we know so far
It added that data of 4.5 million passengers -- which includes Air India's passengers -- across the world has been "affected" due to the cyberattack on SITA. SITA is based out of Geneva in Switzerland.
"Air India would like to inform its valued customers that its passenger service system provider has informed about a sophisticated cyberattack it was subjected to in the last week of February 2021," the airline said in its statement.
It added that while the level and scope of sophistication is being ascertained through forensic analysis and the exercise is ongoing, SITA has confirmed that no unauthorised activity has been detected inside the system's infrastructure after the incident.
ADVERTISEMENT
"Air India meanwhile is in liaison with various regulatory agencies in India and abroad, and has apprised them about the incident in accordance with its obligations," the airline said.
ALSO READ | Mobikwik data breach said to be largest KYC leak, personal data of 3.5 million users up for sale on dark web
In regard to credit cards' data, Air India clarified that CVV/CVC numbers are not held by SITA.
It said that the identity of its affected passengers was provided to it by SITA on March 25 and April 5 only.
Air India along with the service provider is carrying out risk assessment and would further update as and when it becomes available, it said.
The airline said it has taken following steps after the data security incident: Secured the compromised servers, engaged external specialists of data security incidents, notified and in talk with the credit card issuers and reset the passwords of Air India frequent flyer programme.
