Air India has been hit by a massive cyberattack in which personal details, including credit card information of lakhs of passengers, have been compromised. In a communication to affected users, the national carrier said that the data breach involved personal data registered between August 26, 2011, and February 20, 2021.
In this attack, details like name, date of birth, contact information, passport details, ticket information, Star Alliance and Air India frequent flyer data as well as credit card data were leaked. The cyber attack has also affected passengers of other airlines such as Malaysia Airlines, Finnair, Singapore Airlines, Lufthansa and Cathay Pacific.
Air India said – “SITA PSS our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers. This incident affected around 4,500,000 data subjects in the world. “
“While we had received the first notification in this regard from our data processor on 25.02.2021, we would like to clarify that the identity of the affected data subjects was only provided to us by our data processor on 25.03.2021 and 5.04.2021,” it added.
However, the airline said that CVV / CVC numbers of customers’ credit cards were not held by its data processor, hence there is no fear of leak.