Mumbai: The United Kingdom’s data protection regulator is investigating the leak of Air India’s passenger data which has impacted 4.5 million customers globally.
India does not have a specific data protection law and a bill on the subject is pending in Lok Sabha since 2019. However, European Union and UK laws require airlines to put in place measures for data protection and report cases of data breach to regulators in the continent within 72 hours of becoming aware of it. Non-compliance or negligence can result in steep fines.
“Air India has reported an incident to us and we are investigating. Anyone who is concerned about their personal data should contact the airline first. If they are still not satisfied they can bring their concerns to the ICO,” said a spokesperson of the Information Commissioner’s Office, the UK’s data protection regulator.
In a May 15 notification to passengers Air India informed that personal data of 4.5 million customers was impacted following a cybersecurity attack on the servers of SITA, which provides passenger service systems to the airline.
This included personal data registered between August 2011 to February 2021 and includes passenger names, date of birth, contact information, passport information, ticket information, frequent flyer and credit card data.
While the airline received an intimation of the cybersecurity attack on February 25, it said the identity of the affected customers was made available by SITA on March 25 and April 5.
Though the airline is facing criticism for delay in informing passengers, an aviation source familiar with the matter said Air India undertook the necessary steps in accordance with law.
25/05/21 Aneesh Phadnis/Business Standard
To Read the News in full at Source, Click the Headline
0 comments:
Post a Comment