IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Air India cyber attack exposes 4.5 million customers’ data

The breach involved personal data registered over a ten year period including credit card, passport and date of birth information

Air India has stated that a cyber attack three months ago on the systems of its data processor, SITA, has affected around 4.5 million of its customers around the world.

The breach involved personal data registered over a ten year period, between 26 August 2011 and 3 February 2021. The details exposed include name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data, and credit card data.

“However, in respect of this last type of data, CVV/CVC numbers are not held by our data processor,” the company stated in a release.

Air India first received news of the incident from SITA on 25 February, but only found out the identity of the affected data subjects on 25 March and 5 April. Following the breach, a number of steps were taken including securing the compromised servers and notifying and liaising with credit card issuers.

A spokesperson from SITA told IT Pro that its passenger processing services were the target of a “highly sophisticated but limited cyber attack” which affected passenger data stored on servers in SITA PSS’s data centre in Atlanta, Georgia.

Related Resource

Defend your organisation from evolving ransomware attacks

Learn what it takes to reduce risk and strengthen operational resiliency

Defend your organisation from evolving ransomware attacks - whitepaper from VeritasDownload now

“By global and industry standards, we identified this cyber-attack extremely quickly. The matter remains under active investigation by SITA,” said the spokesperson.

The airline is encouraging its passengers to change passwords to ensure the safety of their personal data. 

In February this year, SITA disclosed that hundreds of thousands of passengers had their data stolen following a cyber attack on its systems. The company suffered a data breach on 24 February involving a portion of passenger data stored on its servers, which operate passenger processing systems on behalf of airlines including those compromising the Star Alliance group.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

Skills shortages expected to hit over 90% of Australian and New Zealand businesses
Careers & training

Skills shortages expected to hit over 90% of Australian and New Zealand businesses

28 Jun 2022
Why India wants to become a chipmaking powerhouse
components

Why India wants to become a chipmaking powerhouse

28 Jun 2022
Samsung fined $14 million over misleading water resistance claims across its Galaxy smartphones
Mobile Phones

Samsung fined $14 million over misleading water resistance claims across its Galaxy smartphones

23 Jun 2022
Toshiba eyes $22bn buyout offer in bid to go private
Business strategy

Toshiba eyes $22bn buyout offer in bid to go private

23 Jun 2022

Most Popular

Salaries for the least popular programming languages surge as much as 44%
Development

Salaries for the least popular programming languages surge as much as 44%

23 Jun 2022
The top programming languages you need to learn for 2022
Careers & training

The top programming languages you need to learn for 2022

23 Jun 2022
Swift exit: How the world cut off Russian banks
finance

Swift exit: How the world cut off Russian banks

24 Jun 2022