On Friday late night Air India had informed that there was a mega data breach in its passenger service system. Which had affected upto 45 lakh subject’s from past 10 years. The breach was reported in personal service system. Air India informed that breach was in personal data registered between 26th of August 2011 to 3rd of February 2021. With information of Date of Birth (DOB) , contact information, name, passport information and ticket information.
The breach also included Star alliance, Air India frequent flyer and credit card information. No password data was affected. CVV/ CVC numbers were not held by the data which was breached.
The SITA PSS the data processor of passenger service system ( which was responsible for storing and processing personal information) was recently subjected to cyber attack. Which resulted in breach of personal data leak of some passenger. Said the statement from Air India.
This incident affected around 4,500,000 data subjects in the world. In respect of credit cards data,CVV/CVC numbers are not held by our data processor. Further, our data processor has ensured that no abnormal activity was observed after securing the compromised servers: Air India informed Ani.
The first data breach was notified on February 25th. Air India authority informed that the affected data breach information was provided to them on March 25 and April 5th. Their data processor had provided the information of affected data on 25th of April.
Further measures taken to secure cyber security
The present effort is to apprise at the state of facts on date and supplement our general announcement on 19th March on our official website. Air India further added that safety measures are taken on data safety , investigating the data security incident. Securing the comprised servers , engaging external data security specialist and notifying and liaising with credit card users.
The airline has also reset the passwords of Air India FFP program. And requested the passenger’s to change password where ever applicable to ensure the safety of their personal data. Our data server has ensured that there were no abnormal activity observed after securing the servers. While we and our data processor continue to take remedial action but not only limited to above . We would also encourage our passengers to change password where ever applicable. It said.
The airline also added that the protection of personal data our customers is of highest importance to us. And we regret for the inconvenience caused and appreciate the continued support by our customers – Says the Air India.