New Delhi: At least 4.5 million people’s private data has been leaked following a hack at Air India’s IT department. Cybercriminals have breached data including names, payment details and passport information.
The airline was told about the breach in February but disclosed details only now. The hackers have managed to breach data dating from August 26, 2011 to February 3, 2021.
Air India has said that CVV/CVC numbers have not been leaked.
The compromised software was operated by SITA Passenger Service System according to Air India. Other airlines hit by the sophisticated cyberattack include Singapore Airlines, Air New Zealand and Lufthansa.
Air India’s statement said, “Air India would like to inform its valued customers that its Passenger Service System (PSS) provider has informed about a sophisticated cyber-attack it was subjected to in the last week of February 2021.
"While the level and scope of sophistication is being ascertained through forensic analysis and the exercise is ongoing, the service provider has confirmed that post incident, no unauthorized activity inside the PSS infrastructure has been detected."
A second press release added that, after the notification of the hack, the steps taken included: "Investigating the data security incident, securing the compromised servers, engaging external specialists of data security incidents, notifying and liaising with the credit card issuers and resetting passwords of Air India Frequent Flyer Program."