In shocking news today, up to 4.5 million Air India passengers have had their data compromised in a cyberattack. The attack occurred earlier this year and saw sensitive information like passport details and credit numbers leaked. This data breach was a part of an attack on airline information company SITA in February.
Yesterday, it was revealed that millions of Air India travelers have had their data breached in an attack in February. According to Times of India, the carrier estimates that 4.5 million passengers’ have seen their confidential information stolen. Concerningly, the data taken is not limited to frequent flyer data and names, but also includes data of birth, passport information, and credit card numbers. Passwords remained protected in the leak.
The breach affects the “personal data of some passengers” traveling with the airline from August 2011 to February 2021. The nearly 10-year long window explains why millions have been lost data due to the issue.
In a statement informing the public of the breach, the airline said,
“This is to inform that SITA PSS, our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers…While we had received the first notification in this regard from our data processor on February 25, 2021, we would like to clarify that the identity of the affected data subjects was only provided to us by our data processor on March 25 and April 5.”
While Air India has been the latest airline to notify travelers of the breaches, it is not the only one reeling. SITA is an IT giant in the aviation industry, with a presence in 90% of international destinations. With over 400 members, the company portfolio includes all Star Alliance members and scores of other airlines.
This made Febrarary’s data breach extremely concerning for flyers globally. The airline affected include: American Airlines, British Airways, Cathay Pacific, Japan Airlines, Lufthansa, Air New Zealand, SAS, Singapore Airlines, United Airlines, and more. However, the real list could be much longer considering SITA’s ties with global airlines. Sources have said the breach could include oneworld and all Star Alliance airlines.
Air India is only the most recent airline to announce its own data loss. Notably, most carriers said that only frequent-flyer information was compromised, with personal passenger data being safe. This means Air India might be the worst-affected airline by this breach.
The last few years have seen cyber-attacks on airlines becoming more common. Carriers like Cathay Pacific, British Airways, Transavia, IndiGo, and more have been impacted by breaches in the last three years (aside from the SITA leak). This has raised renewed scrutiny of airline security practices and even resulted in hefty fines. Expect a lot more scrutiny of third-party vendors and internal data storage practices from now.
What is your view of airline data breaches? Have you been impacted by any? Let us know in the comments.