Months after the air transport data giant SITA reported a data breach, Air India has confirmed that the cyber attack in February has compromised the personal data of 4.5 million of its customers.

First disclosed over two months ago, threat actors had compromised servers belonging to SITA, Air India’s data processor of the passenger service system. 

The airline had been notified of the breach by SITA on 25 Februrary this year, but was unable to confirm those affected until SITA informed them on 25 March and 5 April. 

In a statement, the Air India explained that the breach involved personal data registered between August 26 2011 and February 3 2021 and included names, dates of birth, contact information, passport information, ticket information, Start Alliancce and Air India frequent flyer data as well as credit card data.

No password data were affected.

Air India claimed that affected servers were secured, credit card issuers were notified, frequent flyer passwords were reset and external investigators were engaged.

”While we and our data processor continue to take remedial actions including but not limited to the above, we would also encourage passengers to change passwords wherever applicable to ensure safety of their personal data,” the airline added.

Malaysia Airlnes, Japan Airlines and Finnair were among other big names affected by the breach. 

To hear how this breach could have been prevented, make sure to register to PrivSec Global to hear industry leaders share their insights and best practices on cyber security and more.

Save your seat