Air India has issued an official statement saying that its passenger service system provider SITA was cyber attacked in a very sophisticated manner in the month of February. Personal data of 4.5 million passengers was leaked. These included some national carrier passengers from all over the world. The leaked personal data includes the name as well as date of birth, contact information, passport information, ticket information and credit card data registered between August 2011 to February 3, 2021.
“We are taking remedial steps to prevent this loss, till then we appeal to the passengers to change their passwords wherever possible to protect their personal information,” AI said.
This official statement said that the data of 4.5 million passengers, including Air India passengers, has been affected by this cyber attack on SITA. SITA is established in Geneva, Switzerland.
“We want to inform our valued consumers that our passenger service system provider was cyber-attacked in the last week of February 2021,” AI said.
Forensic analysis is being traced to how sophisticatedly this attack has been carried out. SITA confirmed that no unauthorized activity has been recorded in the infrastructure of the system since this incident.
The airline said, “We are in the meantime keeping in touch with various regulatory agencies in India and abroad, and we have also warned them of the obligations of this incident.”
In the context of credit card data, the airline said that we do not keep the information of CVV / CVC number under SITA.
On 25 March and 5 April, SITA gave information of the affected passengers to Air India. Air India, along with its service provider, is assessing this risk and will share information as soon as the related updates are available.
Following the incident, the airline has taken these steps – securing compromised servers, engaging experts in data security incidents from outside, talking to credit card issuing agencies and for Air India’s Frequent Flyer Program Reset their passwords.