In a public statement issued, national airline Air India confirmed a massive data breach on its data processor, SITA PSS (Passenger Service System). The attack is said to have compromised data of 4.5 million passengers who had registered between 26th August 2011 and 3rd February 2021.
The data leaked includes names, date of birth, credit card details, contact information, passport details, and ticket information of passengers. Air India stated that while they were notified about the attack on 25-02-2021, the identity of the affected passengers and the nature of the data leaked were made available to them only on 25-03-2021 and 05-04-2021. Addressing the panic, they stated that their servers don’t store CVV/CVC numbers and no attacks have been reported on the password data as well. While working on their remedial realms, the company also advised customers to change their passwords wherever possible to ensure the safety of their data.
SITA had confirmed on March 4, a data breach on their SITA Passenger Service System (US) Inc. servers, though the extent of the impact on different airlines was unknown then. The Geneva-based passenger service system serves the Star Alliance of airlines including Air India. SITA stated that they had identified the potential risk as soon as possible and had individually notified each airline regarding what data has been leaked.
Air India said that they have initiated an investigation and are ensuring all necessary precautions to prevent future repetitions of similar incidents. They have called upon data security experts and have also notified credit card issuers regarding the breach. The frequent flying program’s passwords are also being updated.
Meanwhile, experts also highlighted the necessity of Indian airlines to work on their security measures and also notify the passengers right away in case of a security breach. An immediate assurance and guidance are much called for along such adversities.
Divya Alex
Content Writer, WCSF