Air India faces cyber security breach: 45L passengers data compromised; Who could be behind this?

National

Air India has faced a massive cyber-attack which has affected around 45 lakh customers registered between 26th August 2011 and 3rd February 2021. The airline has disclosed the scale of the breach nearly three months after it was first informed of it. A ‘highly sophisticated’ attack has targeted Geneva-based passenger system operator SITA that serves the Star Alliance of airlines including Singapore Airlines, Lufthansa and United besides Air India.

Air India in an email to its customers said that their data processer has recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers. The breach involved personal data registered between 26th August 2011 and 3rd February 2021, with details that included name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data as well as credit cards data. However, the airline maintained no CVV/CVC numbers were held by their data processor.

Air India data breached in a major Cyber attack. Breach involves Passengers personal Information including Credit Card Info and Passport Details. Other Global Airlines are likely affected too.#airindia #CyberAttack @airindiain@rahulkanwal @sanket @maryashakil pic.twitter.com/XxUORgInJQ

— Jiten Jain (@jiten_jain) May 21, 2021

Meanwhile Air India maintained that it had launched an investigation into the incident and took steps including securing the compromised servers, credit card issuers and resetting passwords of its frequent flyer programme. However it becomes pertinent to figure who would be carrying out such ‘highly-sophisticated’ data and privacy breach involving personal information of millions of users. Ritesh Bhatiya, Cyber Security Expert exclusively spoke to NewsX and said that it looks like a very highly sophisticated attack as such. Bhatiya said that there are some precautions now that even have to be taken. Air India has said that credit card details have gone but not the CVV, but in order to make certain kinds of international transactions, one don’t even need the CVV, the 16 digit card number the expiry date, the name on the card is enough to carry out certain kinds of transactions, and hence it would be prudent. Bhatiya suggested the airline users should atleast disable international transaction, one can do via net banking or their respective bank app.