 "UK regulator probes Air India's data leak impacting 4.5 mn passengers")
The United Kingdom’s data protection regulator is investigating the leak of Air India’s passenger data which has impacted 4.5 million customers globally.
India does not have a specific data protection law and a bill on the subject is pending in Lok Sabha since 2019. However, European Union and UK laws require airlines to put in place measures for data protection and report cases of data breach to regulators in the continent within 72 hours of becoming aware of it. Non-compliance or negligence can result in steep fines.
“Air India has reported an incident to us and we are investigating. Anyone who is concerned about their personal data should contact the airline first. If they are still not satisfied they can bring their concerns to the ICO,” said a spokesperson of the Information Commissioner’s Office, the UK’s data protection regulator.
In a May 15 notification to passengers Air India informed that personal data of 4.5 million customers was impacted following a cybersecurity attack on the servers of SITA, which provides passenger service systems to the airline.
This included personal data registered between August 2011 to February 2021 and includes passenger names, date of birth, contact information, passport information, ticket information, frequent flyer and credit card data.
While the airline received an intimation of the cybersecurity attack on February 25, it said the identity of the affected customers was made available by SITA on March 25 and April 5.
Though the airline is facing criticism for delay in informing passengers, an aviation source familiar with the matter said Air India undertook the necessary steps in accordance with law.
“As soon as the airline became aware of the data breach it reported the incident to all the regulators in Europe and other geographies in 72 hours. The airline has also engaged lawyers overseas following the incident to advise it on future actions. As of now there is no report of any adverse event or misuse of passenger credit cards,” the source
said.
Air India did not respond to an email query on the topic.
Earlier the airline said it has taken various steps following the incident including an investigation. It said compromised servers have been secured and external data protection specialists have been engaged. It has also liaised with credit card issuers.
One subscription. Two world-class reads.
Already subscribed? Log in
Subscribe to read the full story →*Subscribe to Business Standard digital and get complimentary access to The New York Times
Smart Quarterly
₹900
3 Months
₹300/Month
SAVE 25%
Smart Essential
₹2,700
1 Year
₹225/Month
SAVE 46%
*Complimentary New York Times access for the 2nd year will be given after 12 months
Super Saver
₹3,900
2 Years
₹162/Month
Subscribe
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app
SAVE 25%