Sunday, May 23, 2021

Three months after air transport data giant SITA reported a data breach, we are still learning about the damage.

Air India said this week that personal data of about 4.5 million passengers had been compromised following the incident at SITA, Indian flag carrier airline’s data processor. The stolen information included passengers’ names, credit card details, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data, Air India said in a statement (PDF).

CVV/CVC data of credit cards were not held by SITA, said Air India as it urged passengers to change passwords “wherever applicable to ensure safety of their personal data.”

The attack compromised data of passengers who had registered with the Indian airline over the past decade, between August 26, 2011 and February 3, 2021, Air India said in a statement.

The revelation comes months after SITA said it had suffered a data breach that involved passenger data. At the time, SITA said it had notified several airlines — Malaysia Airlines, Finnair, Singapore Airlines, Jeju Air, Cathay Pacific, Air New Zealand, and Lufthansa — of the breach.

The Geneva, Switzerland-headquartered firm — which is said to serve 90% of the world’s airlines — had declined to reveal the specific data that had been compromised at the time of disclosure in early March, citing an investigation — which is still ongoing.

Air India said that it was first notified about the cyberattack by SITA on February 25, but the nature of the data was only provided to it on March 25 and April 5.

The struggling Indian airline, which has been surviving on taxpayer money, claimed that it had investigated the security incident, secured the compromised servers, engaged with unnamed external specialists, notified the credit card issuers, and had reset passwords of its frequent flyer program.

23/05/21 Manish Singh/Tech Crunch

To Read the News in full at Source, Click the Headline


Post a Comment