Air India recently said that it has suffered a massive data breach due to an attack on its servers by unknown hackers.
Air India had talked about the hacking attack earlier in March, but the company says that it is only now when it has been able to ascertain that data of some 4500000 fliers has been leaked.
Key information that the hackers has stolen include includes credit card details — but according to Air India not the CVV or CVC number — as well personal details like date of birth.
Air India says that it is sending an email to affected consumers. The company says that it is also investigating the whole incident, the hacker attack as well as data breach, further. The airline said in a statement that it is sending emails to affected customers, telling them the details of the hacking attack. Irrespective of whether you get an email from Air India or not, ideally you should change your password if you have an account with Air India as immediate measures.
The airline further said servers of its partner who processes passenger data were hacked earlier this year. These servers belong to the SITA PSS system that stores and processes passenger data. In other words, when you book a ticket with Air India, the data related to it is stored on the SITA PSS system.
The SITA PSS systems were hacked earlier, though Air India does not specify when that happened. However, it says that it received information from the data processor on February 25 about the hacking attack.
“Following measures to ensure safety of data immediately taken-investigating data security incident, securing compromised servers, engaging external specialists of data security incidents, notifying and liaising with credit card issuers, resetting passwords of Air India FFP prog,” Air India said.
The leak of Air India data is one more high-profile data breach that has taken place in India this year. One difference between other data breaches and the one that Air India has suffered is that at least Air India is informing customers, even if it is doing so in a limited way.
But given that India lacks a proper Data Protection Law as well as a lax regulatory requirement when it comes to data handling, most companies don’t even bother to go public or inform their customers when they suffer data breach.
(Image Courtesy: www.1.bp.blogspot.com)