On Friday, national carrier Air India announced that a cyber data breach involving its provider SITA PSS had compromised some of its passengers’ information.
According to industry sources, the data breach has also infected several big carriers.
Recently, a cyber-security attack on SITA PSS’s database resulted in the disclosure of certain passengers’ personal details.
The provider is responsible for storing and managing passengers’ personal information.
According to a statement issued by Air India on Friday, the incident affected approximately 4,500,000 data subjects worldwide.
“The leak affected personal data collected between 26 August 2011 and 3 February 2021, including name, date of birth, contact details, passport information, ticket information, frequent flyer data from ‘Star Alliance’ and ‘Air India’ (but not password data), and credit card data.”
“However, our data processor does not maintain CVV or CVC values for the above type of data.”
The airline announced that it is conducting an investigation into the information security incident, securing the compromised devices, contacting external data security incident specialists, and notifying and communicating with credit card issuers.
Additionally, the airline said that the data processor confirmed that no malicious activity was found after the infection of the compromised servers’ securement.
“While we and our data processor continue to implement corrective steps, including but not limited to those listed previously, we would also remind passengers to change their passwords wherever necessary to ensure the protection of their personal data.”
“We value the security of our customers’ personal information and apologize for any inconvenience this can trigger. We owe a debt of gratitude to our passengers for their continuing confidence and allegiance.”