Air India breach compromised data for 4.5 million passengers

It included sensitive info for travellers dating back 10 years.

Sponsored Links

An Air India Boeing 787 ''Dreamliner'' takes off from Hong Kong Airport in Hong Kong, China, on 19 May 2021. Since 20 April 2021, no passengers from India are allowed to land in Hong Kong as a prevention before the raging pandemic in India. (Photo by Marc Fernandes/NurPhoto via Getty Images)
Marc Fernandes/NurPhoto via Getty Images

Air India just suffered one of the larger (though not largest) airline data breaches in recent memory. The Times of India reports Air India has revealed that a breach compromised about 4.5 million passengers whose data was registered at system provider SITA between August 2011 and late February 2021. The intruders couldn't obtain passwords, but they had access to names, contact info, tickets and frequent flyer info (including for Star Alliance).

The perpetrators also had access to credit card info, although the usefulness of that data might be limited as the CVV/CVC numbers weren't included.

The airline said it first learned of the incident on February 25th (and issued a warning on March 19th), but that it only learned the identities of affected passengers on March 25th and May 4th. It was already investigating the breach and had locked down the affected servers, including resetting passwords for its frequent flyer program.

It's not clear who was responsible for the breach. However, the damage isn't limited to one airline. STIA told BleepingComputer in a statement that customers from several airlines were victims, including travelers who flew with Air New Zealand, Cathay Pacific, Finnair, Jeju Air, Lufthansa, Malaysia Airlines, SAS and Singapore Airlines. While this isn't as large as the 2018 Cathay Pacific breach that touched up to 9.4 million customers, the repercussions could be felt worldwide for a while to come.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Popular on Engadget