Beleaguered Indian carrier – Air India – suffered a major security data breach on Friday, May 21st. Affecting around 45 lakh data subjects worldwide, the breach compromised personal information of lakhs of passengers including credit card numbers, passport details, ticketing information, and their frequent flier information amongst others.
The airline, however, clarified that the breach did not include CVC & CVV information of credit card holders, as the same was not stored together with the other details. The data loss includes the personal data of those who registered with the airline between August 26, 2011, and February 2, 2021, said the airline in a statement.
“This is to inform that SITA PSS our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers. This incident affected around 4,500,000 data subjects in the world,” said the statement released by Air India.
The first information concerning the data breach was received by the Airline on March 25th of this year with subsequent information being available on April 5th. The airline affirmed its commitment to data-safety and privacy of its passengers and said that there is an effort to provide clear & transparent information to its fliers.
“The present communication is an effort to apprise of accurate state of facts as on date and to supplement our general announcement of 19th March 2021 initially made via our website,” added the statement issued by the airline.
Despite the data breach, the airline informed its fliers that there had been no compromise of the passwords but advised its users to change the same, for their own safety.
“While we and our data processor continue to take remedial actions including but not limited to the above, we would also encourage passengers to change passwords wherever applicable to ensure safety of their personal data,” the airline reminded its passengers and patrons.
Outlining the measures taken to augment its measures to improve data-safety, Air India said that the company was undertaking an investigation of the incident and improving security of the servers compromised with the help of external experts. Additionally, Air India has also sought to work with all the credit card issuers and plug-in any gaps in security whilst resetting all the passwords of the frequent flier program.
“The protection of our customers’ personal data is of highest importance to us and we deeply regret the inconvenience caused and appreciate continued support and trust of our passengers,” concluded the statement from the airline.
This is the second major data-breach suffered by the airline in recent times, as there are several other hardships it has been facing from hostile takeover efforts of its offshore assets to difficulties in the disinvestment program. The current downturn in the global aviation space is pushing several airlines to the brink, and Air India – the national carrier of India – is facing a daunting challenge to find a buyer in this backdrop. And frequent data breaches aren’t going to help its case, at all.
