Air India reported,
"SITA PSS our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers. This incident affected around 4,500,000 data subjects in the world."
Source: Hindustan Times.
The national carrier said that they registered the personal data between August 26, 2011, and February 20, 202.
During a hack on its data processor, SITA, which disclosed a cyberattack in March, the data was breached.
Over nearly 10 years, the data of Air India customers involved those that were registered.
The airline added,
“While we had received the first notification from our data processor on 25.02.2021, we would like to clarify that the identity of the affected data subjects was only provided to us by our data processor on 25.03.2021 and 5.04.2021”.
Source: The Economic Times.
Experts have separately said that sensitive personal information like contact and passport data might lead to impersonation attacks and allow perpetrators to break into people’s bank accounts by using such data for verification.
As per media reports, “SITA confirms it was the victim of a cyber-attack, leading to a data security incident involving certain passenger data that was stored on SITA Passenger Service System (US) Inc servers,” SITA said in a statement on March 4.