Air India’s customer database breached

Air India’s customer database — name, date of birth, contact information, passport information, ticket information, frequent flyer data and also credit cards data — has suffered a massive security breach.

In all, about “45 lakh data subjects” may have been leaked. The airline has informed affected passengers that the “breach involved some personal data registered between August 2011 and February 2021.” It adds that “no passwords data was affected.”

This is the second major airline data breach in last six months. Last December, some servers of IndiGo were also hacked and the airline had said there was a “possibility that some internal documents may get uploaded by the hackers on public websites and platforms.”

In a detailed statement, Air India said: “This is to inform that SITA PSS, our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers. This incident affected around 45 lakh data subjects in the world. While we had received the first notification in this regard from our data processor on February 25, 2021, we would like to clarify that the identity of the affected data subjects was only provided to us by our data processor on March 25 and April 5.”

The breach involved personal data registered between August 26, 2011, and February 3, 2021, with details that included name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data (but no passwords data were affected) as well as credit cards data.