Air India reports data leak of 4.5 million passengers

Indian airline Air India reported that one of its software vendors suffered from data leak, which led to the disclosure of personal information of 4.5 million passengers using the carrier’s services.

SITA reported the problem back in March this year, and the leak is known to have affected at least ten major airlines, including Malaysia Airlines, Singapore Airlines, Jeju Air, Air New Zealand, Polish Airlines, Finnair, Scandinavian Airlines, Cathay Pacific and Lufthansa.

However, there are still very few details about what happened, and earlier the airlines could not even say which passenger data were disclosed due to the leakage.

Air India has now published its own incident report, providing a detailed analysis of the incident and its potential consequences, which may be useful to other Star Alliance airlines and their customers.

According to Air India, an unnamed attacker appears to have gained access to passenger data over the past 10 years. Thus, the largest Indian national carrier has leaked information of 4.5 million people who booked tickets from August 26, 2011 to February 3, 2021.

It is reported that neither account passwords nor CVV/CVC cards were harmed.

Air India and SITA said that the investigation of the incident has not yet been completed, and further details of the incident will emerge in the future. So far, the details of the attack have not been disclosed.

Interestingly, a day after the publication of Air India on the darknet, on the portal where data leaks are traded, a record appeared from an attacker who claims that he has information about the airline’s passengers. It is not yet clear if this is true, or if the attacker is simply trying to use media coverage of the incident to trick his customers.

Let me remind you that we also reported that Conti ransomware attacks Ireland’s Health Service Executive and now Hackers threaten to sell Irish Health Service Executive files.