45 Lakh Affected In Massive Air India Data Breach Including Credit Cards

People who dealt with the airline between 26th Aug 2011 and 3rd Feb 2021 were affected.

New Delhi:

Ten years’ worth of customer data including credit cards, passports and phone numbers has been leaked in a massive breach at Air India, the airline said on Friday.

The incident has affected around 45 lakh customers, Air India said, disclosing the scale of the breach three months after it was first informed.

“The data breach involved personal data registered between 26th Aug 2011 and 3rd Feb 2021, with details including name, DOB (Date of Birth), contact info, passport info, ticket info, Star Alliance and Air India frequent flyer data (no passwords data affected) and credit cards data,” the airline said in a statement.

“This incident affected around 4,500,000 data subjects in the world. In respect of credit cards data, CVV/CVC numbers are not held by our data processor. Further, our data processor has ensured that no abnormal activity was observed after securing the compromised servers,” it said.

“Following measures to ensure safety of data immediately taken – investigating data security incident, securing compromised servers, engaging external specialists of data security incidents, notifying and liaising with credit card issuers, resetting passwords of Air India FFP programme,” the airline added.

Air India also sent an email to some customers informing them of the hack, saying its data processing agency first informed them about the incident in late February.

“This is to inform that SITA PSS our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers,” it said.

“While we had received the first notification in this regard from our data processor on 25.02.2021, we would like to clarify that the identity of the affected data subjects was only provided to us by our data processor on 25.03.2021 & 5.04.2021,” Air India added.