Air India: At least 4.5 million data from people after IT system hack | Science & Tech News
At least 4.5 million people were exposed to their personal information after an IT system used by Air India was subjected to a “sophisticated cyber attack”.
The airline was first informed of the breach in February but only announced its involvement last week.
The cyber criminals have accessed details such as names, passport information and payment details dating back 10 years.
However, according to one statement, CVV / CVC numbers and passwords were not accessed.
According to Air India, the compromised software was operated by the SITA Passenger Service System.
SITA issued a statement in early March recognizing the hack, but without disclosing how many people were affected or which airlines were victims.
Other major airlines were also affected, including Star Alliance members Singapore Airlines, New Zealand Air and Lufthansa.
Air India said the incident “affected around 4,500,000 people in the world” but did not disclose how many of its customers were.
The hackers managed to get their hands on data from August 26, 2011 to February 3, 2021.
The airline’s statement reads: “Air India would like to inform its valued customers that their PSS (Passenger Service System) provider informed about a sophisticated cyber attack in the last week of February 2021.
“While the level and scope of complexity is being determined through forensic analysis and the exercise is ongoing, the service provider has confirmed that no unauthorized activity was detected within the PSS infrastructure after the incident.”
A second press release added that following notification of the hack, the following steps were taken: “Investigate the data security incident, secure the compromised servers, involve outside specialists in data security incidents, notify and contact the credit card issuers, and reset Air India frequent flyer program passwords.”
It added, “Also, our data processor made sure that no abnormal activity was observed after backing up the compromised servers.
“While we and our data processor continue to take remedial action, including but not limited to the above, we would also like to encourage passengers to change their passwords if necessary to help keep their personal information safe.”