Air India on May 21, 2021, reported a massive cyber-attack in February 2021 that leaked ten years of customer data including credit cards, phone numbers, and passports details of 45 lakh customers.
Air India in personal communication with the customers whose details got compromised in the cyber-attack said, “As part of our commitment, we would like to inform you that SITA PSS, our data processor of the passenger service system, recently notified Air India of a data security breach involving personal data of certain passengers, including yours.”
The breach targeted the personal details of passengers between August 26, 2011, and February 20, 2021, which included name, contact information, date of birth, ticket information, frequent flyer data, passport information, and credit card details. However, the data processer SITA PSS does not store CVV or CVC numbers, the airline assured.
The Indian airline further informed that Air India received the identities of the customers affected in the breach between March 25 and April 5, 2021.
The airline is investigating the breach and securing the compromised servers, and resetting passwords of the frequent flyer program. Meanwhile, the company also asks the affected customers to change their passwords wherever applicable.
SITA PSS is a Geneva-based passenger system operator that stores and processes the personal information of the passengers.
Other cyber-attacks on airlines
•British Airways in 2020 had incurred a 20 million pound fine after its failed attempt at protecting the data of more than 4 lakh of its customers.
•In another instance in 2020, EasyJet, a London-based airline, reported that email and travel details of around 90 lakh customers got hacked.
What is cyber-attack?
•Cyber-attack is a deliberate malicious attempt by individuals or organizations to breach into the system of another company or individual to seek confidential or personal data.
•Types of cyber-attack comprise malware, viruses, trojans, ransomware, spyware, phishing, denial-of-service, SQL injection, cross-site scripting, etc.
What is cyber-security?
•Cyber-security comprises practices, technologies, processes designed to protect cyberspace and networks from cyber-attacks.
•Data of individuals business organizations, and governments are targeted to steal personal or sensitive information, patents, employees’ or customers’ personal data, confidential data related to the country’s military, citizens, local, state, or central governments.
Cyber-Security Laws in India
•Information and Technology Act, 2000 (also known as Indian Cyber Act)
•Information and Technology Amendment Act, 2008 (ITAA)
•National Cyber Security Strategy, 2020
•Cyber Surakshit Bharat Initiative
•Cyber Swacchta Kendra in India is a Botnet Cleaning and Malware Analysis Centre, operated by the Indian Computer Emergency Response Team, under the Ministry of Electronics and Information Technology.