Air India suffered a data breach, 4.5 million customers impacted

Air India disclosed a data breach that impacted roughly 4.5 million of its customers, two months after its Passenger Service System provider SITA was hacked.

Air India has disclosed a data breach that impacted 4.5 million of its customers, exposed data includes the personal information of customers registered between August. 26, 2011 and February. 3, 2021.

Customers’ details involved in the security breach include names, dates of birth, contact information, passport information, ticket information, Star Alliance, and Air India frequent flyer data as well as credit card data. The airline pointed out that neither CVV/CVC numbers associated with the credit cards nor passwords were impacted.

“This is to inform that SITA PSS our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers.” reads the data breach notification sent to the customers. “This incident affected around 4,500,000 data subjects in the world. While we had received the first notification in this regard from our data processor on 25.02.2021, we would like to clarify that the identity of the affected data subjects was only provided to us by our data processor on 25.03.2021 & 5.04.2021. The present communication is an effort to apprise of accurate state of facts as on date and to supplement our general announcement of 19th March 2021 initially made via our website.”

The company recommends passengers to change their passwords to prevent unauthorized access to their accounts and ensure their data security.

Air India had previously acknowledged its Passenger Service System provider SITA was the victim of a sophisticated cyber-attack in March 2021.

In March, SITA announced it suffered a highly sophisticated, hackers had access to certain passenger data stored on servers of SITA Passenger Service System (PSS). The total number of travelers impacted in the security breach is still unknown.

The cyberattack impacted multiple airlines, including Singapore Airlines, Lufthansa, Malaysia Airlines, Cathay Pacific, SAS-Scandinavian Airlines, Finland’s Finnair, Jeju Air, and Air New Zealand.

Singapore Airlines disclosed the security breach this week, the airline confirmed that approximately 580,000 members of its KrisFlyer frequent flyer program have been impacted.

The airline notified its customers and informed them that it doesn’t use the SITA PSS, but at least one of the 26 Star Alliance member airlines use the PSS system, and SITA has access to some frequent flyer program data for all Star Alliance airlines.

Air India is one of the airlines of the global airline network Star Alliance.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Air India)

[adrotate banner=”5″]

[adrotate banner=”13″]