INDIA. Mumbai: A major cybersecurity attack targeting Air India’s passenger service system has exposed the personal information of over 45 lakh of passengers across the globe, including their credit card and passport details, the company said on Friday.
The breach involved personal data registered between 26 August 2011 to February 03, 2021, with details that included name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data (but no passwords data were affected) as well as credit cards data. However, the airline clarified that the CVV/CVC data of the credit card holders were not stored in their data.
“This is to inform that SITA PSS our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers. This incident affected around 45,00,000 data subjects in the world,” read a statement released by Air India.
The national carrier received the first information regarding the data breach on February 25, and the identity of the affected data subjects was received on March 25 and April 5, 2021.
“The present communication is an effort to apprise of accurate state of facts as on date and to supplement our general announcement of March 19, 2021, initially made via our website,” the statement further said. Apprising passengers of the situation, the airlines requested all to change the passwords to their accounts on the Air India website and wherever else applicable.