Add 4.5 Million Air India Passengers to Massive Airlines Data Breach From March

Personal data of about 4.5 million passengers of Air India was leaked in a cyber attack on the airline’s data processor but the compromised servers were later secured, the Indian state-run carrier said in a statement.

The debt-laden airline, a member of global airlines consortium Star Alliance, said the breach involved personal data, such as name, contact, passport, ticket and credit card details, registered between Aug 2011 and Feb 2021. No passwords were affected.

Air India’s data processor, SITA PSS (Passenger Service System), had in recent months informed the airline about a cyber attack it faced in February, following which the Indian airline investigated the matter and secured compromised servers.

“Our data processor (SITA) has ensured that no abnormal activity was observed after securing the compromised servers,” the airline said late on Friday.

SITA, which serves the Star Alliance of airlines including Singapore Airlines, Lufthansa and United , had in March said it had faced a “highly sophisticated” cyber-attack after which it initiated containment measures.

It was not immediately clear if any other airlines were affected by the incident SITA reported in March.

Asked for comment, SITA referred Reuters to its March announcement on Saturday, adding that it had duly informed Air India and “the matter remains under active investigation by SITA.”

For Air India, the breach is the latest headache at a time when it is trying to rein in costs while the government seeks to sell its interest in the company.

The airline is also embroiled in a legal battle with British firm Cairn Energy with pressure on the Indian government to pay a $1.2 billion arbitration award that Cairn was awarded by an arbitration tribunal in December.

Other major cyber incidents in the recent past include easyJet, which last year said hackers had accessed the email and travel details of around 9 million customers.

(Reporting by Tanvi Mehta in New Delhi and Arunima Kumar in Bengaluru; Editing by Aditya Kalra and Lincoln Feast.)

This article was written by Arunima Kumar and Tanvi Mehta from Reuters and was legally licensed through the Industry Dive publisher network. Please direct all licensing questions to [email protected].