According to an official statement released on Friday, Air India’s passenger service infrastructure provider SITA was hit by a sophisticated cyberattack in February, resulting in the leak of personal data of a number of the national carrier’s passengers.
A certain number of Air India passengers’ personal details, including name, date of birth, contact details, passport information, ticket information, and credit card information, was leaked between August 11, 2011 and February 3, 2021, according to the airline’s release.
“While we and our data processor continue to take remedial actions…We would also encourage passengers to change passwords wherever applicable to ensure safety of their personal data,” it said.
The cyberattack on SITA has “affected” the data of 4.5 million passengers around the world, including Air India passengers, according to the announcement.
SITA is headquartered in Geneva, Switzerland.
The airline said, “Air India would like to notify its valued customers that its passenger service system provider has told us about a sophisticated cyber-attack it was subjected to in the last week of February 2021.”
Though forensic investigation is being used to determine the extent and scope of complexity, the process is still underway, SITA has stated that no unauthorized activity has been found within the system’s infrastructure since the incident, it said.
“Air India meanwhile is in liaison with various regulatory agencies in India and abroad, and has apprised them about the incident in accordance with its obligations,” the airline said.
Air India is conducting a risk evaluation with the service provider and will provide updates when information becomes available, according to the company.
Following the data protection incident, the airline said it secured the infected servers, hired external data security incident technicians, contacted and communicated with credit card issuers, and reset the passwords for the Air India frequent flyer scheme.
