45 Lakh Customer Data Compromised as Air India Servers Gets Hacked


A massive cyberattack was perpetrated against the domestic carrier Air India, which compromised passengers' data including passports, contacts, ticket information, and credit card information. 

Air India is India's flag carrier, based in New Delhi. It owns and runs the Airbus and Boeing aircraft fleet serving 102 national and international destinations and is operated by Air India Limited. 

The airline stated that the incident impacted about 4,500,000 data subjects worldwide. The company further added that the violation involved data from somewhere between August 2011 and February 2021. 

“The breach involved personal data registered between 26 August 2011 and 3 February 2021, with details that included name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data (but no passwords data were affected) as well as credit cards data,” a message from Air India reads. 

While the airline has admitted that the credit card details have been violated, it has made it clear that its data processors have not held the CVV/CVC numbers - which are the key to carrying out transactions. 

"Our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers. This incident affected around 4,500,000 data subjects in the world," said the statement issued by Air India. 

The state-owned flight operator also mentioned that the first communication concerning the data violation had been obtained from its data processor on 25 February 2021. That being said, on March 25 and May 4, the identification of the data subjects concerned was given. 

"While we had received the first notification in this regard from our data processor on 25.02.2021, we would like to clarify that the identity of the affected data subjects was only provided to us by our data processor on 25.03.2021 and 5.04.2021," the statement said. 

Air India has also mentioned that it follows data protection policies and has started investigating data protection incidents. The airline also secures vulnerable servers, engages external computer protection experts, liaises, and notifies Air India frequent flyer program credit card issuers and reset flyer passwords.