After two months after the theft by Passenger Service System Provider SITA in February 2021, Air India reported a breach of data after personal information for approximately 4.5 million of its clients was compromised.
First, the Indian national transport operator told passengers that on 19 March, SITA suffered a cyber-attack.
This is to inform that SITA PSS our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers,” Air India said in a breach notification sent over the weekend.
Around 4,500,000 data subjects were affected across the world by this data breach.
The airline noted that the infringement affected passenger data from August 2011 to February 2021.
However, it was determined that no credit card information or password data was accessed during a violation following an investigation into the security event. Air India however calls on passengers to reset their credentials so that potential infringements are blocked and their data protection guaranteed.
Air India added, “The breach involved personal data registered between 26th August 2011 and 3rd February 2021, with details that included name, date of birth, contact information, passport information, ticket information, Star Alliance, and Air India frequent flyer data (but no passwords data were affected) as well as credit cards data.”
However, in respect of this last type of data, CVV/CVC numbers are not held by our data processor
The protection of our customer’s personal data is of the highest importance to us and we deeply regret the inconvenience caused and appreciate the continued support and trust of our passengers. — Air India quoted.
Data breach impacts Star Alliance members
Far more than a dozen Air India passengers have been told about a breach of the Passenger Service (PSS) SITA system that manages traffic between ticket reserves and boarding. Their data have also been obtained during a breach of the system.
The situation was also confirmed by SITA, which in early March notified affected PSS customers and all associated companies.
A spokesperson from SITA has confirmed that the breach impacts the data of passengers from the following airlines as well –
- Lufthansa – It is the second-largest airline in Europe in terms of passengers carried, thanks to its subsidiaries; it is a member of the Star Alliance and a Miles & More partner.
- Air New Zealand – flag carrier airline of New Zealand
- Singapore Airlines – flag carrier airline of Singapore
- SAS – Scandinavian Airlines
- Cathay Pacific – flag carrier of Hong Kong
- Jeju Air – the first and largest South Korean low-cost airline
- Malaysia Airlines – flag carrier airline of Malaysia
- Finnair – flag carrier and largest airline of Finland
Some of these airlines (including Air India) are members of the Star Alliance, a worldwide airline alliance with 26 members that includes the world’s largest airline, Lufthansa.
As shared with a media publication, Star Alliance members also share consumer information that is crucial to giving travel rewards.
Membership names, frequent flyer program membership numbers, and program tier status are the only pieces of information available.
To read more, please check eScan Blog
