Data breach at AI: 10 yrs’ flyer records compromised
TIMES NEWS NETWORK
New Delhi:22.05.2021
Air India’s customer database — name, date of birth, contact information, passport information, ticket information, frequent flyer data and credit cards data — has suffered a massive security breach, following a cybersecurity attack. The airline has informed affected passengers that the “breach involved some personal data registered between August 2011 and February 2021.” It adds that “no passwords data was affected.”
This is the second major airline data breach in last six months. In December last, some servers of IndiGo were hacked and the airline had said there was a “possibility that some internal documents may get uploaded by hackers on public websites and platforms.”
“This is to inform that SITA PSS, our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers. This incident affected around 45 lakh data subjects in the world. While we had received the first notification in this regard from our data processor on February 25, 2021, we would like to clarify that the identity of the affected data subjects was only provided to us by our data processor on March 25 and April 5,” Air India said in a statement.
The breach involved personal data registered between August 26, 2011 and February 3, 2021. However, in respect of credit card data, CVV/CVC numbers are not held by our data processor, the AI statement adds.
The airline says it has taken steps to ensure data safety, including “investigating the data security incident, securing the compromised servers, engaging external specialists of data security incidents, notifying and liaising with the credit card issuers and resetting passwords of Air India FFP program.”
“Further, our data processor has ensured that no abnormal activity was observed after securing the compromised servers. While we and our data processor continue to take remedial actions including but not limited to the above, we would also encourage passengers to change passwords wherever applicable to ensure safety of their personal data. The protection of our customers’ personal data is of highest importance to us and we deeply regret the inconvenience caused and appreciate continued support and trust of our passengers,” AI said.
The airline has informed affected passengers that the breach involved some personal data registered between August 2011 and February 2021. It added that no passwords data was affected in the breach
No comments:
Post a Comment