New Delhi: A cyber-attack that happened on a server that stores the data of Air India passengers has reportedly caused the leakage of personal data of about 45 lakh people. The data of ten years stored in the server SITA PSS was found to have been compromised.
According to the national carrier's statement issued on May 21, the information stored on the passenger service system includes credit card and passport details.
"The SITA PSS, the data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers," the airline's statement said.
The resultant data breach involved personal data registered between August 26, 2011, and February 20, 2021.
The cyberattack on Air India, according to the airline, has affected the data of around 45 lakh flyers around the world.
In respect of credit cards data, Air India assured that CVV/CVC numbers are not held by their data processor. Further, the data processor has ensured that no abnormal activity was observed after securing the compromised servers.
The major cyber data breach has impacted another global airline associated with SITA PSS.
In a statement on Friday, Air India said the incident has affected around 4,500,000 data subjects in the world.
"The breach involved personal data registered between 26th August 2011 and 3rd February 2021, with details that included name, date of birth, contact information, passport information, ticket information, 'Star Alliance' and 'Air India' frequent flyer data (but no passwords data were affected) as well as credit cards data."
The airline said it is investigating the data security incident, securing the compromised servers, engaging external specialists of data security incidents, and notifying and liaising with the credit card issuers.
"While we and our data processor continue to take remedial actions including but not limited to the above, we would also encourage passengers to change passwords wherever applicable to ensure the safety of their data."
"The protection of our customer's personal data is of the highest importance to us and we deeply regret the inconvenience caused and appreciate continued support and trust of our passengers."