India’s national airline Air India has said a cyber-attack on its data servers affected about 4.5 million customers around the world but the compromised servers were later secured, the Indian state-run carrier said in a statement. In its notification to the affected passengers, the airline said that the cyber-attack that compromised the data of millions of passengers from across the world involved personal data registered between August 26, 2011 and February 20, 2021. It said the breached data included the passenger’s name, date of birth, contact information, passport information, ticket information, frequent flyer data and credit card information. It asked all its customers to change the passwords to their accounts on its website.
Air India had entered into a deal with SITA in 2017 to upgrade its IT infrastructure to enable it to join Star Alliance. SITA is a Switzerland-based technology company specialising in air transport communications and information technology. When asked for comment, SITA referred Reuters to its March announcement on Saturday, adding that it had duly informed Air India and “the matter remains under active investigation by SITA”. On late Friday the airline said, “Our data processor (SITA) has ensured that no abnormal activity was observed after securing the compromised servers”.