Air India’s 45 lakh customers’ data leaked in major cyber-attack: Credit card details compromised

New Delhi: Ten years’ worth of Air India customer data including credit cards, passports and phone numbers have been leaked in a massive cyber-attack on its data processor in February, the airline has announced.

In a communique to its affected passengers, Air India informed that its SITA PSS server, which is responsible for storing and processing personal information of fliers, was subject to a cybersecurity attack. The resultant data breach involved personal data registered between August 26, 2011 and February 20, 2021.

In this attack, details like name, date of birth, contact information, passport details, ticket information, Star Alliance and Air India frequent flyer data as well as credit card data were leaked. As for credit card details CVV or CVC numbers were not stored in the affected server, Air India clarified.

“While we had received the first notification in this regard from our data processor on February 25, 2021, we would like to clarify that the identity of the affected data subjects was only provided to us by our data processor on March 25, 2021 and April 5, 2021.

The present communication is an effort to apprise you of accurate state of facts as on date and to supplement our general announcement of March 19, 2021 initially made via our website,” Air India said in an email to passengers.