A massive breach has been reported by Indian Airlines exposing the personal data of over 45 lakh travellers. The breach was one of the most sophisticated and sustained attacks and was carried out on SITA, Indian Airlines’ data processor, for weeks.
According to reports, this attack has resulted in compromising of data that includes name, date of birth, contact information, passport information, frequent flyer and credit cards data numbers of customers registered between 26th August 2011 and 3rd February 2021.
For those who’re unaware, SITA is a Geneva-based passenger system operator and is one of the world’s leading air transport communications and IT companies. It handles consumer data of various airlines, Singapore Airlines, Lufthansa, United apart from Indian Airlines.
Air India data breached in a major Cyber attack. Breach involves Passengers personal Information including Credit Card Info and Passport Details. Other Global Airlines are likely affected too.#airindia #CyberAttack @airindiain@rahulkanwal @sanket @maryashakil pic.twitter.com/XxUORgInJQMay 21, 2021
While Indian Airlines has accepted that the data was compromised, it stated that the CVV/CVC numbers that are important for payment processing, are not saved by SITA, hence have not been impacted. However, the prepared statement does reveal that a lot has been compromised. “The breach involved personal data registered between 26th August 2011 and 3rd February 2021, with details that included name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data (but no passwords data were affected) as well as credit cards data,” it reads.
As a result of the breach, Indian Airlines states that it has taken necessary steps to secure the data saved on the compromised servers and has engaged with “external specialists of data security incidents, contacting credit card issuers and resetting passwords of its frequent flyer programme.”
The Airline is also informing passengers to change passwords of their bank accounts, frequent flyer accounts among others. On the other hand, SITA had informed about the breach in March this year and had advised around a dozen airlines to ask their users to change their credentials.
This is not the first data breach that has happened during the current covid times. Recently, Facebook, LinkedIn, Clubhouse and Mobikwik faced data breach that exposed the data of millions of users worldwide.