Personal information including name, date of birth, contact information, passport information, ticket information and credit card details of as many as 4.5 million Air India passengers was leaked in February due to a sophisticated cyberattack carried out on the national air carrier’s passenger service system provider SITA, the airline said on Friday.
While the extent and scope of the cyberattack is being probed through forensic analysis, the data collected by SITA between August 11, 2011, and February 3, 2021 has been breached, Air India said in a statement, requesting its passengers to change their passwords.
SITA is based out of Geneva in Switzerland.
"While we and our data processor continue to take remedial actions...We would also encourage passengers to change passwords wherever applicable to ensure safety of their personal data," the airline said in a statement.
The data breach has affected Air India’s passengers all across the world, the airline said.
"Air India would like to inform its valued customers that its passenger service system provider has informed about a sophisticated cyberattack it was subjected to in the last week of February 2021," the airline said.
However, SITA has confirmed that no unauthorised activity has been detected inside the system's infrastructure after the cyberattack, it added.
"Air India meanwhile is in liaison with various regulatory agencies in India and abroad, and has apprised them about the incident in accordance with its obligations," the airline said.
However, with respect to credit cards' data, CVV/CVC numbers are not held by SITA, the airline clarified.
It said that the identity of its affected passengers was provided to it by SITA on March 25 and April 5 only.
Air India along with the service provider is carrying out risk assessment and would further update as and when it becomes available, it said.
The airline said it has taken following steps after the data security incident: Secured the compromised servers, engaged external specialists of data security incidents, notified and in talk with the credit card issuers and reset the passwords of Air India frequent flyer programme.
(With PTI inputs)