4.5 million Air India passengers affected in personal data breach

dpa New Delhi Personal data of 4.5 million Air India customers - including credit card, passport and phone number information - was leaked in a cyberattac...

dpa New DelhiPersonal data of 4.5 million Air India customers - including credit card, passport and phone number information - was leaked in a cyberattack on the airline’s Geneva-headquartered passenger system operator SITA in February, the airline has announced.The airline had been notified of the breach on February 25, but the identity of persons affected were only provided by SITA on March 25 and April 5, an Air India spokesperson said on Saturday, explaining why the notification to passengers came three months after the cyberattack.The breach involved personal data registered with the airline during a nine-and-a-half-year period between August 26, 2011, and February 3, said the notification, uploaded on the Air India website.This included name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data, as well as credit card data.Credit card CVV/CVC numbers were not held by the data processor, the message added. No password data was affected, but passengers were encouraged to change these.The cyberattack comes at a time when the Indian government is trying to sell the debt-ridden national carrier.Several airlines that are a part of the Star Alliance informed passengers that some of their data was accessed by an intruder after SITA publicly confirmed on March 4 that there was “a data security incident” involving passenger service system servers located in the United States.“We recognize that the Covid-19 pandemic has raised concerns about security threats, and, at the same time, cybercriminals have become more sophisticated and active. This was a highly sophisticated attack,” the SITA statement had said.