The breach involved personal data registered with the airline between 26th August, 2011 and 3rd February, 2021, including name, date of birth, contact information, passport information, ticket information and credit card data. However, the airline clarified that the CVV/CVC data of the credit card holders was not stored in their data.
The incident has affected around 45 lakh data subjects across the globe.
“This is to inform that SITA PSS our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers. This incident affected around 4,500,000 data subjects in the world,” read a statement released by Air India.
The national carrier received the first information regarding the data breach on February 25, and the identity of the affected data subjects was received on March 25 and April 5.