Air India data breach in February 2021; announcement comes in May 2021

SITA is a travel technology company that is one of the most prominent suppliers of airline software, such as passenger service systems and so on. The company supplies software systems to hundreds of airlines across the world. On February 24, 2021, the service provider announced that it was subject to a data security incident that involved users of the SITA Passenger Service System (the software which enables passenger reservations, check-in, boarding and so on, simplistically speaking). This was related to an Air India Data Breach, which is being reported now by the airline.

SITA issued a press release about the incident on March 4, 2021:

SITA confirms that it was the victim of a cyber-attack, leading to a data security incident involving certain passenger data that was stored on SITA Passenger Service System (US) Inc. servers. Passenger Service System (US) Inc. (“SITA PSS”) operates passenger processing systems for airlines.

After confirmation of the seriousness of the data security incident on February 24, 2021, SITA took immediate action to contact affected SITA PSS customers and all related organizations.

Airlines across the globe started to inform their passengers of this data breach, including names such as Finnair, Singapore Airlines, Lufthansa, Aegean, British Airways, American Airlines and United, amongst others. In all these cases, the notifications to passengers went out on or in the vicinity of March 5, 2021.

Air India Data Breach

However, Air India, a customer of SITA, only came around to inform their members of the data breach this week. Air India claims that 4.5 million data subjects (not equivalent to 4.5 passengers, lesser than that since this could mean duplicate passenger records as well) across the SITA network were affected and AI only reached out to those affected. The leaked data was collected between August 26, 2011, and February 3, 2021.

Air India Data Breach

The details include personal information such as name, passport information, frequent flyer data, and credit card data that were hacked in this Air India Data Breach. Interestingly, the airline sat on intimating about this sensitive information for 1.5 months before reaching out to customers. A compromised passport or credit card details are a significant danger. Because of Air India’s laxity in this issue, many people could have noticed unusual activity on their card accounts.

The slow pace at Air India also is indicated by the fact that the airline started to reset customer passwords for FFP logins at least two weeks back, if not more, and did not bother telling customers that their data was compromised and hence they had to reset passwords.

Air India needs to take the customers’ data privacy seriously, which, in this case, has not taken seriously so far. Also, it waited to isolate the people whose data might have been compromised and did not send out an email to everyone as a precautionary measure. They instead claim to have put it on their website, as if Air India’s website is Google that most people visit daily. 

Bottomline

Air India customers had their personal and financial data compromised as a part of a cyber attack on SITA systems in which 4.5 million data subjects were affected. The compromise was discovered in February 2021 and disclosed by SITA and most airlines involved in March 2021. Air India did not own up to making a disclosure till three months later, which is now.

Have anyone of you been affected by this Air India Data Breach caused due to SITA servers being compromised? What do you think of Air India’s very delayed intimation on this account? 


Liked our articles and our efforts? Please pay an amount you are comfortable with; an amount you believe is the fair price for the content you have consumed. Please enter an amount in the box below and click on the button to pay; you can use Netbanking, Debit/Credit Cards, UPI, QR codes, or any Wallet to pay. Every contribution helps cover the cost of the content generated for your benefit.

(Important: to receive confirmation and details of your transaction, please enter a valid email address in the pop-up form that will appear after you click the ‘Pay Now’ button. For international transactions, use Paypal to process the transaction.)

We are not putting our articles behind any paywall where you are asked to pay before you read an article. We are asking you to pay after you have read the article if you are satisfied with the quality and our efforts.

Comments

  1. Not surprtised. AI is govt owned and the current govt we have
    1. Doesnt care about privacy
    2. Is full of frauds

    • Why is this website incapable of filtering out such useless rants that don’t mean anything? (Please remove my comment also after removing the junk / spam posted by 747always)

  2. Hey Ajay,

    Long time reader of your blog here and appreciate the content that LFAL brings !

    Regarding this breach, you know I have been holding my Flying Returns account for quite some time and have not had the need to change my password for many years now..

    But last weekend, when I tried logging to my Flying Returns account, I was unable to login and found out that my password was invalid which was weird..

    I then had to reset my password and then was able to login

    Thankfully there was nothing off in my account post logging in

    But could my password change have something to do with this ?

    I think it might be.

    • @Ashish, yes, this is the reason. Other people also had to reset passwords and they did not know why. Poor communications from Air India all around.

Leave a Reply

Your email address will not be published. Required fields are marked *