Moneycontrol PRO
UPCOMING EVENT:Attend Traders Carnival Live. 3 days 12 sessions at Rs.1199/-, exclusive for Moneycontrol Pro subscribers. Prices Increasing Soon. Register now!
you are here: HomeNewsIndia

Air India servers hacked, passengers' credit card info, passport details accessed

The cyberattack on Air India, according to the airline, has affected the data of around 45 lakh flyers around the world.

May 22, 2021 / 07:39 AM IST
Representative image

Representative image

The servers of Air India were recently hacked, leading to the unethical access of personal information related to scores of passengers, the national carrier said in a statement issued on May 21.

The information stored on the passenger service system includes credit card and passport details. The cyberattack on Air India, according to the airline, has affected the data of around 45 lakh flyers around the world.

"Our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers. This incident affected around 4,500,000 data subjects in the world," said the statement issued by Air India.

The airline, while admitting that details of credit card have also been breached, clarified that the CVV/CVC numbers - which are key to execute transactions - were not held by its data processor.

"The breach involved personal data registered between 26th August 2011 and 20th February 2021, with details that included name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data (but no passwords data were affected) as well as credit cards data. However, in respect of this last type of data, CVV/CVC numbers are not held by our data processor," Air India stated.


The state-owned flight operator further noted that it had received the first notification related to the data breach from its data processor on February 25, 2021. However, the identity of affected data subjects was provided on March 25 and May 4, it added.

Also Read | Why Qatar Air’s botched attempts at partnering with Tatas could turn lucky for Air India

"While we had received the first notification in this regard from our data processor on 25.02.2021, we would like to clarify that the identity of the affected data subjects was only provided to us by our data processor on 25.03.2021 and 5.04.2021," the statement said.

Air India also noted that it is following measures to ensure safety of data, and has begun investigating into the data security incident. The airline is also securing compromised servers, engaging external specialists of data security incidents, notifying and liaising with credit card issuers and resetting passwords of Air India frequent flyer programme, news agency ANI reported the carrier as stating.
Moneycontrol News
first published: May 21, 2021 09:37 pm

stay updated

Get Daily News on your Browser
ISO 27001 - BSI Assurance Mark