SITA data breach 2021: Air India says data of 4.5 million passengers get compromised. Air India disclosed this incident three months after global aviation industry IT supplier SITA fell victim to a cyber attack.
The data breach included personal data of about 10 years, from 26 August 2011 to 3 February 2021, Air India said in a statement [PDF]. The stolen information incorporated name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data, and credit card data.
No recent flyer passwords or CVV/CVC data were stolen. However, as the information was not held by SITA.
SITA is an information technology and communications company that processes the data of Air India’s passenger service system.
Although the SITA cyber attack was discovered at the end of February, Air India stated that it understood the intensity of the SITA data breach 2021 just last month. Since then, Air India has been carrying out investigations to secure the affected servers, engaging external specialists, notifying and liaising with the credit card holders, and resetting passwords of the Air India FFP program, it stated.
Alongside Air India, several other airlines such as Star Alliance and One World Airlines, Finnair, Japan Airlines, Jeju Air, Lufthansa, Malaysia Airlines, Air New Zealand, Cathay Pacific, Singapore Airlines were affected by the SITA data breach 2021.
Two months before, in March, Singapore Airlines revealed that the data of 580,000 of its frequent flyer members were compromised in the cyber attack.
As per SITA, the Vendor offers its service to about 90% of the world’s airlines, which figures to about 2800 clients that include airlines, airports, and government agencies.
Looking for more Security News, subscribe to our newsletter and get regular updates on cybersecurity.