Air India on Friday said that it has suffered a massive data breach, resulting from an attack on its servers by unknown hackers. Air India had talked about the hacking attack earlier in March, but the company says that it is only now when it has been able to ascertain that data of some 4500000 fliers has been leaked. This leaked data includes credit card details — but according to Air India not the CVV or CVC number — as well personal details like date of birth.
Air India says that it is sending an email to affected consumers. The company says that it is also investigating the whole incident, the hacker attack as well as data breach, further.
Here is what we know about the Air India hacking attack and the data breach.
— According to Air India, servers of its partner who processes passenger data were hacked earlier this year. These servers belong to the SITA PSS system that stores and processes passenger data. In other words, when you book a ticket with Air India, the data related to it is stored on the SITA PSS system.
— The SITA PSS systems were hacked earlier, though Air India does not specify when that happened. However, it says that it received information from the data processor on February 25 about the hacking attack. Subsequently in March, Air India said that some of its servers have been hacked.
– The company says that initially it wasn’t known that there was also a data breach due to the hacking attack. But on March 25 and on April 5 it was informed by the data processor that private and sensitive details of nearly 4500000 passengers had been leaked in the hacking attack.
— The leaked information includes credit card number and other credit card details, date of birth, ticket number, passport information, contact numbers, and even frequent flier number and the Star Alliance details. But, and so says Air India, the CVV or CVC numbers of credit cards or PIN details have not been leaked because these details Air India does not store.
— Air India says that passengers who have been affected by the data breach took a flight with it between August 26, 2011 to February 20, 2021. This also means that the hacking attack on SITA PSS servers happened between February 20 and February 25.
— Air India says that it is sending emails to affected customers, telling them the details of the hacking attack. Irrespective of whether you get an email from Air India or not, ideally you should change your password if you have an account with Air India.
