New Delhi: A major cybersecurity attack, which targeted Air India’s passenger service system SITA, has exposed the personal information of lakhs of passengers, including their credit card and passport details, the company said on Friday.
The breach involved personal data registered with the airline between August 26, 2011, and February 3, 2021, with details that included name, date of birth, contact information, passport information, ticket information as well as credit cards data. However, the airline clarified that CVV/CVC data of the credit card holders were not stored in their system.
‘‘While we and our data processor continue to take remedial actions...We would also encourage passengers to change passwords wherever applicable to ensure safety of their personal data," it said.
Data of 4.5 million passengers -- which includes Air India's passengers -- across the world has been "affected" due to the cyberattack on SITA, the statement said.
SITA is based out of Geneva in Switzerland.
While the level and scope of sophistication of the attack is being ascertained through forensic analysis, SITA has confirmed that no unauthorised activity has been detected inside the system's infrastructure after the incident.
Air India, meanwhile, along with the service provider, is carrying out risk assessment and would further update as and when it becomes available, it said.
The airline said it has taken following steps after the data security incident: Secured the compromised servers, engaged external specialists of data security incidents, notified and is in talk with the credit card issuers and has reset the passwords of Air India frequent flyer programme.