About 4.5 million Air India customers and passengers had their data leaked in “sophisticated cyber attack” that hit passenger management association, International Aeronautical Telecommunications Society (SITA), a multinational that offers software services to air transport companies and that was compromised at the end of February this year.
In a statement to the company’s customers, Air India confirmed the data leak and reported that it took SITA about two months to inform the identity of the affected users. According to the document, the leak includes personal data such as name, date of birth, passport number, contact information and purchase history at the company.
“SITA PSS, our passenger service system data processor (responsible for storing and processing personal information from passengers) was recently subjected to a cybersecurity breach that resulted in the leakage of personal data for certain passengers. This incident affected some 4,500,000 people worldwide. Although we received the first notification in this respect from our data processor on 25.02.2021, we would like to clarify that the identity of the data subjects affected was only provided to us by our data processor on 25.03.2021 and 5.04.2021 “, writes the company.
Air India also reported that it has contacted the regulatory agencies, which are investigating the case and improving the security infrastructure of their systems, involving in-house experts, as well as notifying credit card issuers and resetting passwords for the Air India FFP program. .
According to BleepingComputer, SITA processes the purchase of tickets on seat reservations, in addition to passenger data. The spill also affected other aviation companies and members of the Star Alliance group, such as Lufthansa, Air New Zealand, Singapore Airlines, Scandinavian Airlines, Cathay Pacific, Jeju Air, Malaysia Airlines and Finnair.
Check the positioning in full:
Sources: Bleeping Computer; Air India; TheHack.
