Air India Data Breach Impacted 4.5 Million Individuals

Air India Data Breach Impacted 4.5 Million Individuals

Two months after the hack of Passenger Service System provider SITA in February 2021, Air India admitted that the attack compromised the personal information of roughly 4.5 million of its customers. The Indian airways carrier first publicly revealed that SITA fell victim to a cyberattack on March 19. The company said in a breach notification sent out this weekend:

“This is to inform that SITA PSS our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers.”

SITA platform handles transactions from ticket reservations to boarding for Air India and many other air carriers.

The Indian company says the incident impacted about 4,500,000 individuals in the world adding the data belonged to passengers registered between August 2011 and February 2021. The investigation showed that no financial information or credentials had leaked during the breach.

Despite that, Air India urges its passengers to change credentials to protect against new breach attempts.

“The breach involved personal data registered between 26th August 2011 and 3rd February 2021, with details that included name, date of birth, contact information, passport information, ticket information, Star Alliance, and Air India frequent flyer data (but no passwords data were affected) as well as credit cards data,” the company added [PDF].

Air India reminded that customers’ CVV/CVC numbers are not stored by its data processor (SITA).

“The protection of our customers’ personal data is of highest importance to us and we deeply regret the inconvenience caused and appreciate the continued support and trust of our passengers,” Air India stated.

Air India was not the only air carrier whose passengers’ data had been accessed by hackers during a breach of SITA’s Passenger Service System (PSS).

SITA has also confirmed the incident, and a SITA spokesperson told that the breach impacted data of passengers from multiple airlines, including:

  • Lufthansa

  • Air New Zealand

  • Singapore Airlines

  • SAS 

  • Cathay Pacific

  • Jeju Air

  • Malaysia Airlines

  • Finnair


About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.