Air India has admitted to a massive data breach that compromised the personal data of about 4.5 million passengers. The hackers were able to access 10 years’ worth of data including names, passport and credit card details from the Atlanta-based SITA Passenger Service System, Air India said in a statement on May 21.It disclosed the scale of the breach nearly three months after it was first informed by the IT provider.The breach that happened in late February had compromised the data of some major global airlines, too. SITA at that time had said that Singapore Airlines, New Zealand Air and Lufthansa were among those affected.
Air India said almost 4.5 million passengers globally were affected in the “highly sophisticated” attack but did not specify how many of them were its travelers. It said no password data was breached during the attack and that the company was investigating.The breach, confirmation of which comes two months after SITA’s Passenger Service System (PSS) was hacked, affected customers who registered between August 2011 and late February 2021, Air India said in a statement. Compromised data includes customers’ name, data of birth, contact information, passport information, frequent flyer data and credit card data, although CVV/CVC numbers weren’t included.
Password weren’t accessed by the hackers, Air India added, although it’s urging all customers to change their passwords as a precaution.
The airline said it first learned of the incident on February 25, but only learned the identities of affected passengers on March 25 and May 4.The company said it recommended in an email to its customers that they should change their account passwords as a precaution.
Air India started as a mail carrier in 1932 before gaining commercial popularity. It has been incurring losses since its 2007 merger with a state-owned domestic carrier, Indian Airlines. The debt-laden carrier is currently in the process of finding new buyers.