Over 4.5 million customers are affected by the breach.
Are you a regular passenger of Air India? If yes, you might need to do some security check immediately. One of the biggest airlines in India was recently faced with a serious and massive security breach, affecting over 4.5 million of their customers. Here’s what to do if you’re one of the said victims of the breach.
Air India breach: Everything you need to know
On Sunday, May 23, the customers of Air India were shocked after reports confirmed a massive data breach happened to the airline company. Over 4.5 million customer data were compromised due to the incident. Forbes reported that customer data such as customers’ name, data of birth, contact information, passport information, frequent flyer data and credit card data– though the CVV/CVC numbers weren’t included– were the few details included on the said data breach. Affected customers were registered between August 2011 and late February 2021.
Air India has already released a press release about the issue and said that they’re doing their very best to ensure data safety among their customers. Also, “investigating the data security incident; securing the compromised servers; engaging external specialists of data security incidents; notifying and liasing with the credit card issuers, and resetting passwords of Air India FFP program.”
“This is to inform that SITA PSS our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers,” Air India said in a breach notification sent over the weekend.
Though this announcement may caused panic to Air India customers, the airline clarified that no passwords were included on their investigation of the data breach. However, customers were still notified to change their codes, or better yet, the whole email addresses in order to be sure of their safety.
How it happened
The SITA’s Passenger Service System (PSS) was the one to blame on the said incident, according to Air India. It was first reported to Air India on February 25, but only learned the identities of affected passengers on March 25 and May 4.
Surprisingly, Air India was not the only airline involved in the data breach. Other companies as well such as Air New Zealand, Cathay Pacific, Finnair, Jeju Air, Lufthansa, Malaysia Airlines, SAS and Singapore Airlines, were also reportedly notified about the incident.
“By global and industry standards, we identified this cyber-attack extremely quickly. The matter remains under active investigation by SITA,” the company said. “Each affected airline has been provided with the details of the exact type of data that has been compromised, including details of the number of data records within each of the relevant data categories, including some personal data of airline passengers.”
What to do if you’re affected
Just like any other massive breach in the history, customers or users involved on the incident must protect themselves immediately before hackers get to their accounts. This includes changing your passwords, making another email, and avoiding financial transactions first.