Security News > 2021 > May > Air India admits to data breach impacting 4.5m customers, sat on the news for five weeks
![Air India admits to data breach impacting 4.5m customers, sat on the news for five weeks](/static/build/img/news/alt/cybersecurity-breach-statistics-medium.jpg)
India's flag carrier, Air India, has admitted it fell foul of the data breach at aviation information services provider SITA, and that its disclosure comes five weeks after it was notified of the situation.
A new statement [PDF] from the airline says that personal data describing around 4.5 million of its customers leaked when SITA revealed it had been breached in March 2021.
Air India was not on the list SITA provided to The Register for our March 5th story, but the carrier posted its own notice on March 19th that said the airline's "Passenger Service System provider has informed about a sophisticated cyber-attack it was subjected to in the last week of February 2021".
The new statement, dated May 15th, does name SITA and says the airline was told its customers were among those in the leak on March 25th and April 4th. Customers have now been told that the leaked data covered "Personal data registered between 26th August 2011 and 3rd February 2021, with details that included name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data as well as credit card data."
Air India has nonetheless recommended customers change their frequent flier passwords and promised that it took the incident very seriously and cleaned up as thoroughly as possible once it understood the problem.
The document does not state why Air India has not disclosed the breach despite being informed it was impacted on March 25th. The statement nonetheless ends: "The protection of our customers' personal data is of highest importance to us and we deeply regret the inconvenience caused and appreciate continued support and trust of our passengers." .
News URL
https://go.theregister.com/feed/www.theregister.com/2021/05/24/air_india_sita_data_breach/
Related news
- Kaiser Permanente: Data breach may impact 13.4 million patients (source)
- Collection agency FBCS warns data breach impacts 1.9 million people (source)
- Panda Restaurants discloses data breach after corporate systems hack (source)
- 2024 Data Breach Investigations Report: Most breaches involve a non-malicious human element (source)
- UK confirms Ministry of Defence payroll data exposed in data breach (source)
- Dell warns of data breach, 49 million customers allegedly affected (source)
- Dell API abused to steal 49 million customer records in data breach (source)
- Largest non-bank lender in Australia warns of a data breach (source)
- Helsinki suffers data breach after hackers exploit unpatched flaw (source)
- Banco Santander warns of a data breach exposing customer info (source)