Security News > 2021 > May > Air India admits to data breach impacting 4.5m customers, sat on the news for five weeks

Air India admits to data breach impacting 4.5m customers, sat on the news for five weeks
2021-05-24 05:58

India's flag carrier, Air India, has admitted it fell foul of the data breach at aviation information services provider SITA, and that its disclosure comes five weeks after it was notified of the situation.

A new statement [PDF] from the airline says that personal data describing around 4.5 million of its customers leaked when SITA revealed it had been breached in March 2021.

Air India was not on the list SITA provided to The Register for our March 5th story, but the carrier posted its own notice on March 19th that said the airline's "Passenger Service System provider has informed about a sophisticated cyber-attack it was subjected to in the last week of February 2021".

The new statement, dated May 15th, does name SITA and says the airline was told its customers were among those in the leak on March 25th and April 4th. Customers have now been told that the leaked data covered "Personal data registered between 26th August 2011 and 3rd February 2021, with details that included name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data as well as credit card data."

Air India has nonetheless recommended customers change their frequent flier passwords and promised that it took the incident very seriously and cleaned up as thoroughly as possible once it understood the problem.

The document does not state why Air India has not disclosed the breach despite being informed it was impacted on March 25th. The statement nonetheless ends: "The protection of our customers' personal data is of highest importance to us and we deeply regret the inconvenience caused and appreciate continued support and trust of our passengers." .


News URL

https://go.theregister.com/feed/www.theregister.com/2021/05/24/air_india_sita_data_breach/