The personal data of 4,500,000 customers who fly global airlines like Air India, Malaysia Airlines, Singapore Airlines, Finnair, and others were compromised in a cybersecurity attack.
Passengers who were affected by the breach are those that took any trip on one of many Asian Airlines flights anytime between August 26, 2011, and February 20, 2021, reported Business Today.
Information of the customers, such as name, date of birth, contact information, passport details, and credit card data was leaked through the hacking of Air India's main server, SITA PSS, which is responsible for storing and processing that information.
Customers were first notified of the information leak on March 19 through a general announcement on the airline's website, which stated that they had been subject to a "sophisticated cyber attack." According to Business Today, the company confirmed at that time that no unauthorized activity had reached inside the infrastructure of the Passenger Service System. Air India urged all of its customers to change passwords for online accounts as soon as possible to keep additional personal data safe.
"While we had received the first notification in this regard from our data processor on February 25, 2021, we would like to clarify that the identity of the affected data subjects was only provided to us by our data processor on March 25, 2021, and April 5, 2021," the airline wrote in an email to all customers.
Air India said in a statement: "In respect of credit card data, CVV/CVC numbers are not held by our data processor. Further, our data processor has ensured that no abnormal activity was observed after securing the compromised servers."
Air India also confirmed that its IT department quickly resecured their servers and that nothing has seemed out of place in the affected servers since they were rescued.
Laws in India regarding data protection and privacy for citizens have been ambiguous and "lax," according to India Today.
Only recently, the Indian government has introduced a Personal Data Protection Bill, which has been slowly making its way through Parliament.
Another major attack that leaked the personal information of customers in India this year was the hacking of BigBasket, a major shopping database with over 20 million users, reported India Today.
The data breach leaked email addresses, phone numbers, and passwords of customers onto the dark web.
Air India is not the only airline to be hacked, Reuters reported that the data of nearly 400,000 customers flying with British Airways was compromised in 2018.
BBC also reported that EasyJet, a Swiss airline, was hacked in early 2020, affecting almost 9 million customers, and 2,208 customers reported that their credit and debit card details were "accessed" as a result of the hack.
Newsweek reached out to Air India for comment, but did not hear back in time for publication.
