Security News > 2021 > May > Air India Hack Exposes Credit Card and Passport Info of 4.5 Million Passengers
India's flag carrier airline, Air India, has disclosed a data breach affecting 4.5 million of its customers over a period stretching nearly 10 years after its Passenger Service System provider SITA fell victim to a cyber attack earlier this year.
The breach involves personal data registered between Aug. 26, 2011 and Feb. 3, 2021, including details such as names, dates of birth, contact information, passport information, ticket information, Star Alliance, and Air India frequent flyer data as well as credit card data.
Air India said neither CVV/CVC numbers associated with the credit cards nor passwords were affected.
With the latest development, Air India joins a long list of airlines, such as Lufthansa, Cathay Pacific, Air New Zealand, Singapore Airlines, Scandinavian Airlines, Finnair, Malaysia Airlines, South Korea's Jeju Air, American Airlines, and United Airlines that have been impacted by the data security incident.
As part of its investigation into the event, Air India said it engaged external specialists and that it notified credit card issuers of the issue, besides resetting passwords of its frequent flyer program.
UPDATE: According to DarkTracer, the personal information stolen from Air India following the SITA PSS server breach is now being allegedly sold on underground data sale forums for $3,000.