India’s flag carrier airline, Air India, has disclosed a data breach affecting 4.5 million of its customers over a period stretching nearly 10 years after its Passenger Service System (PSS) provider SITA fell victim to a cyber attack earlier this year.
The breach involves personal data registered between Aug. 26, 2011 and Feb. 3, 2021, including details such as names, dates of birth, contact information, passport information, ticket information, Star Alliance, and Air India frequent flyer data as well as credit card data. But Air India said neither CVV/CVC numbers associated with the credit cards nor passwords were affected.
The airline had previously acknowledged the breach on March 19, stating that “its Passenger Service System provider has informed about a sophisticated cyber attack it was subjected to in the last week of February 2021.”
In March, Swiss aviation information technology company SITA disclosed it suffered a “highly sophisticated attack” on its servers located in Atlanta, leading to a compromise of passenger data stored in its PSS system. SITA PSS is used by many carriers for processing airline passenger data as part of their frequent flyer programs.