Air India faces huge data leak, 45 lakh passengers in danger
Air India got the first notification with respect to the data breach on February 25 this year
If you thought that the personal details you shared with airlines to book flights are safe, think again. A massive cyberattack on Air India has led to personal data (name, contact, passport details, credit card details, ticket information and frequent flyer information) of 45 lakh flyers being compromised.
"Our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers. This incident affected around 4,500,000 data subjects in the world," Air India said in a statement.
The data breach involved personal details of passengers registered between August 26, 2011, and February 20, 2021. Air India got the first notification with respect to the data breach on February 25 this year and the identity of the affected data subjects was provided on March 25 and May 4.
However, as a saving grace, the airline informed that the CVV/CVC numbers on credit cards, which are necessary to execute transactions were not held by the data processor of the airline's passenger service system, suggesting that these vital passenger data were not compromised.
Air India's response to this data security incident involved launching a probe and securing the breached servers. External specialists on data security incidents have been engaged and credit card issuers have been notified. The passwords to the frequent flyer programme are also being reset.
The airline added that no abnormal activity was seen after the compromised servers were secured. As a matter of abundant safety, Air India has requested passengers to change the passwords to their accounts on the airline's website and wherever else applicable.
While Air India seeks to set its house in order after this major cyberattack, and it may indeed succeed in doing so, but if data shared with the national carrier can be breached with such impunity, it really sends a chill down the spine of the common passenger. It reflects poorly on the national carrier, which has already been the target of brickbats ranging from financial troubles, inefficiency, questionable safety standards, clashes between the employees and the management and so on.