Air India data breach: Personal data of 45 lakh registered users between August 2011 and February 2021 compromised

Air India data breach: Personal data of 45 lakh registered users between August 2011 and February 2021 compromised

FPJ Web DeskUpdated: Friday, May 21, 2021, 10:23 PM IST
article-image
Air India data leak: Personal data of 45 lakh registered users from August 2011 to February 2021 breached |

National carrier Air India has been informing its customers about the data breach that took place in the last week of February 2021. The first announcement of the breach was made on March 19, 2021 on its website. Recently, the carrier has shared more details on the leak of 45 lakh data subjects or individuals with its customers.

The leaked data included name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data (but no passwords data were affected) as well as credit card data.

The carrier stated the Passenger Service System provider was subject to “sophisticated cyber attack” which led to personal data leak of certain passengers. It sent out a communication to all those individuals whose data has been leaked.

It stated in the communications, “While we had received the first notification in this regard from our data processor on 25.02.2021, we would like to clarify that the identity of the affected data subjects was only provided to us by our data processor on 25.03.2021 & 5.04.2021.”

In the letter to the customers Air India said, “The breach involved personal data registered between 26th August 2011 and 20th February 2021, with details that included name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data (but no passwords data were affected) as well as credit cards data. However, in respect of this last type of data, CVV/CVC numbers are not held by our data processor.”

Some users took to the microblogging site to inform about the letter sent out by the carrier.

On March 19, the airline said while the level and scope of sophistication is being ascertained through forensic analysis and the exercise is ongoing, the service provider has confirmed that post incident, no unauthorised activity inside the PSS infrastructure has been detected. “Air India meanwhile is in liaison with various regulatory agencies in India and abroad, and has apprised them about the incident in accordance with its obligations. Air India along with the service provider is carrying out risk assessment and would further update as and when it becomes available,” it stated in its earlier communication.

RECENT STORIES

Adani Enterprises Announces ₹1,000 Crore NCD Issue Offering Up To 9.3%

Adani Enterprises Announces ₹1,000 Crore NCD Issue Offering Up To 9.3%

Gaja Capital Plans IPO, Files Draft Papers With Sebi

Gaja Capital Plans IPO, Files Draft Papers With Sebi

At BRICS Meet, FM Nirmala Sitharaman Holds Bilateral Talks With China, Russia, Brazil, And Indonesia

At BRICS Meet, FM Nirmala Sitharaman Holds Bilateral Talks With China, Russia, Brazil, And Indonesia

New Aadhaar Rules Announced, Check Updated Document List For Enrolment & Changes

New Aadhaar Rules Announced, Check Updated Document List For Enrolment & Changes

Microsoft Exits Pakistan After 26 Years, Major Blow To Tech Ecosystem

Microsoft Exits Pakistan After 26 Years, Major Blow To Tech Ecosystem