4.5 million Air India passengers had their personal data leaked following a cyber-attack on the airline’s SITA PSS data processor.

Air India said that it was first aware of the breach back in February.

But the company claimed that its data processor for the passenger service system, which is responsible for storing and processing personal information, only identified those impacted in March and April.

The breach involved personal data registered between 26 August 2011 and 3 February 2021. The stolen details included name, date of birth, contact information, passport information, ticket information, and Star Alliance and Air India frequents data.

Credit card data was also leaked, but the airline assured customers that CVV/CVC numbers were not held by the data processor.

Air India said that following the breach it investigated the incident, secured compromised servers, engaged external specialists of data security incidents, notified and liased with credit card issues, and reset passwords of Air India FFP programme.

“The protection of our customers’ personal data is of highest importance to us and we deeply regret the inconvenience caused and appreciate continued support and trust of our passengers,” the company said in a statement.

Share Story: