Personal data of about 4.5 million passengers of Air India was leaked in a cyber attack on the airline's data processor but the compromised servers were later secured, the Indian state-run carrier said in a statement.
The debt-laden airline, a member of global airlines consortium Star Alliance, said the breach involved personal data, such as name, contact, passport, ticket and credit card details, registered between August 2011 and February 2021. No passwords were affected.
Air India’s data processor, SITA PSS (Passenger Service System), had in recent months informed the airline about a cyber attack it faced in February, following which the Indian airline investigated the matter and secured compromised servers.
“Our data processor (SITA) has ensured that no abnormal activity was observed after securing the compromised servers,” the airline said late on Friday.
SITA, which serves the Star Alliance of airlines including Singapore Airlines, Lufthansa and United, had in March said it had faced a "highly sophisticated" cyberattack after which it initiated containment measures.
It was not immediately clear if any other airlines were affected by the incident SITA reported in March.
Asked for comment, SITA referred Reuters to its March announcement on Saturday, adding that it had duly informed Air India and “the matter remains under active investigation by SITA.”
For Air India, the breach is the latest headache at a time when it is trying to rein in costs while the government seeks to sell its interest in the company.
The airline is also embroiled in a legal battle with British firm Cairn Energy with pressure on the Indian government to pay a $1.2 billion arbitration award that Cairn was awarded by an arbitration tribunal in December.
Other major cyber incidents in the recent past include easyJet, which last year said hackers had accessed the email and travel details of about 9 million customers.– Reuters