Air India has just undergone one of the most important (but not the biggest) air data breaches in recent memory. the India time reports that Air India has revealed that a breach compromised approximately 4.5 million passengers whose data was recorded with the SITA system provider between August 2011 and the end of February 2021. The intruders were unable to obtain passwords, but they did have access to names, contact details, tickets and information for frequent travelers (including Star Alliance).
The authors also had access to credit card information, although the usefulness of this data may be limited because CVV / CVC numbers were not included.
The airline said it first learned of the incident on February 25 (and issued a warning on March 19), but only learned the identities of the affected passengers on March 25 and May 4. He was already investigating the breach and had locked down affected servers, including resetting passwords for his loyalty program.
It is not known who was responsible for the violation. However, the damage is not confined to a single airline. STIA said BleepingComputer in one declaration that customers of several airlines have been victimized, including travelers who have traveled with Air New Zealand, Cathay Pacific, Finnair, Jeju Air, Lufthansa, Malaysia Airlines, SAS and Singapore Airlines. While not as big as the Cathay Pacific 2018 breach that affected up to 9.4 million customers, the repercussions could be felt around the world for some time.