Comments
National carrier Air India’s servers were hacked, leading to a major data breach affecting nearly 45 lakh flyers globally. The hacked information, stored on the SITA passenger service system, included people’s personal details like name, date of birth, contact information, passport information, ticket details and credit card data.
“Our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to a personal data leak of certain passengers. This incident affected around 45,00,000 data subjects in the world,” said an Air India statement.
SITA is a Switzerland-based company that specialises in passenger processing, reservation systems, air transport communications and information technology. It entered into an agreement with Air India in 2017. SITA implemented Air India’s IT infrastructure to enable it to join Star Alliance.
The hackers have collected data of people for over a decade between August 26, 2011 and February 20, 2021. Fortunately, CVV/CVC numbers of cards are secure and have not leaked because they were not stored by the SITA PSS data processor. The details of Star Alliance and Air India frequent flyer data were hacked too, “but no passwords data were affected,” the airline clarified.
Air India received the first notification in this regard on February 25, 2021, “We would like to clarify that the identity of the affected data subjects was provided to us by our data processor on 25.03.2021 and 5.04.2021,” Air India said.
‘Sophisticated attack’
As a remedial measure, Air India has advised its customers to change all account passwords immediately, while the carrier is taking measures to secure its systems.
As the level and scope of sophistication are being ascertained through forensic analysis and the exercise is ongoing, “the service provider has confirmed that post incident, no unauthorised activity inside the PSS infrastructure has been detected,” the airline clarified.
According to a statement from SITA, “we recognise that the Covid-19 pandemic has raised concerns about security threats, and, at the same time, cyber-criminals have become more sophisticated and active.”
It added that while this was a ‘highly sophisticated attack’ “it was a limited cyber-attack that affected passenger personal data stored on servers in SITA PSS’ data centre in Atlanta, Georgia.”
Comments
COMMENT NOW
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.