Air India passenger data breach reveals SITA hack worse than first thought – TechCrunch



Three months after air transport information large SITA reported a knowledge breach, we’re nonetheless studying concerning the harm.

Air India stated this week that non-public information of about 4.5 million passengers had been compromised following the incident at SITA, Indian flag provider airline’s information processor. The stolen info included  passengers’ identify, bank card particulars, date of beginning, contact info, passport info, ticket info, Star Alliance and Air India frequent flyer information, Air India stated in an announcement (PDF).

CVV/CVC information of bank cards weren’t held by SITA, stated Air India because it urged passengers to alter passwords “wherever relevant to make sure security of their private information.”

The assault compromised information of passengers who had registered with the Indian airline over the previous decade, between August 26, 2011 and February 3, 2021, Air India stated in an announcement.

The revelation comes months after SITA stated it had suffered a knowledge breach that concerned passenger information. On the time, SITA stated it had notified a number of airways — Malaysia Airways, Finnair, Singapore Airways, Jeju Air, Cathay Pacific, Air New Zealand, and Lufthansa — of the breach.

The Geneva, Switzerland-headquartered agency — which is claimed to serve 90% of the world’s airways — had declined to disclose the precise information that had been compromised on the time of disclosure in early March, citing an investigation — which continues to be ongoing.


Air India stated that it was first notified concerning the cyber assault by SITA on February 25, however the nature of the info was solely offered to it on March 25 and April 5.

The struggling Indian airline, which has been surviving on taxpayer’s cash, claimed that it had investigated the safety incident, secured the compromised servers, engaged with unnamed exterior specialists, notified the bank card issuers, and had reset passwords of its frequent flyer program.

Air India is the most recent Indian agency to reveal a knowledge breach in current quarters. Funds large MobiKwik stated in late March that it was investigating claims of a knowledge breach that allegedly uncovered personal info of almost 100 million customers.

Alleged information of almost 20 million BigBasket (a prime grocery supply startup in India that’s now owned by native conglomerate Tata) clients leaked on the darkish net for anybody to obtain in late April. A safety lapse at Indian telecom large Jio Platforms uncovered outcomes of some customers who had used its device to test their coronavirus signs. Indian state West Bengal and large blood check agency Dr Lal PathLabs suffered comparable breaches. Air India’s peer, Spicejet, additionally confirmed a knowledge breach final yr.

Learn extra:


Supply hyperlink