Air India has confirmed that a cyberattack led to the exposure of data belonging to roughly 4.5 million global passengers. According to the company, aviation IT provider SITA’s Passenger Service System was accessed by an unauthorized third party in early March. This system stores and processes all of the personal data of individuals traveling on Air India. The airline stated that the breach includes all data registered between August 26, 2011, and February 3, 2021.
Details exposed in the attack include name, birthdates, contact information, passport details, ticket information, and credit card data. India Air states that CVV/CVC numbers were not affected, however, because its data processor does not handle them. The airline also reported that password data was not affected but all passengers are encouraged to change their passwords as a precaution. Air India allegedly learned of the attack on February 25, 2021, and has since launched an investigation, secured its servers, notified credit card issuers, and consulted external security specialists, according to a statement released by the airline.
Read More: Air India Confirms Data of 4.5M Travelers Compromised