Posted on May 24, 2021 at 1:40 PM
Hackers access sensitive data of 4.5m Air India customers in a recent attack
Another hacking incident that has affected millions has been reported recently, this time coming from India. According to recent reports, the country’s airline, Air India, revealed that it suffered a major breach that ended up compromising sensitive information belonging to 4.5 million of the firm’s passengers.
This marks another incident of massive proportions that will affect users throughout the world, despite the fact that it targeted a single company.
According to what is known, the breach took place around two months ago, but was only confirmed to the public recently. In the attack, SITA’s PSS (Passenger Service System) was breached, and hackers managed to steal the data of any customer that registered between August 2011 and February 2021.
These details came directly from Air India, which revealed the information in a recent statement, admitting that 10 years’ worth of data was compromised. The information that was collected during the breach includes the names of the company’s customers, their birth dates, contact information, as well as passport information.
On top of that, the hackers also managed to access frequent flyer data, and even credit card information. However, it should be noted that, fortunately, CVV/CVC numbers were not included, as they were likely stored separately for security purposes.
Air India added that hackers did not access any passwords, as far as the investigation has revealed. Regardless, users should still change their passwords, just in case. It could be that hackers managed to access them and then covered their tracks or, more likely, that they could try other methods such as brute force attacks now that they have the rest of the necessary data, which will make breaching accounts significantly easier.
How did Air India react to the breach?
Air India’s statement revealed a few other details, including the fact that the incident took place on February 25th of this year. Unfortunately, the company took a long time to dig through the mess that the hackers left and find the crucial pieces of information, such as who was affected by the breach.
In its statement, it admitted that it only learned the identities of affected passengers on March 25th, and then on May 4th, hopefully having extracted all the information about the attack by that point.
The airline further stated that it has taken certain steps to ensure data safety, which include investigating the incident, securing the server that hackers compromised and stole data from during the attack, and engaging third-party specialists who have greater experience with similar security breaches.
Of course, the company also notified all credit card issuers, explaining the situation to them and alerting them to possible unusual behavior of their clients’ cards and accounts. On top of that, it also decided to reset passwords for the Air India FFP program, as another precaution.
Unfortunately, it is unlikely that the company’s customers were the only victims of the SITA attack. In fact, the company said in a separate statement that customers of multiple other airlines were affected as well. This includes many of those who were flying with Air New Zealand, Finnair, Cathay Pacific, SAS, Lufthansa, Jeju Air, Singapore Airlines, and Malaysia Airlines.
In other words, the attack was massive and far-reaching, likely to have serious consequences. However, Air India stated that it reacted extremely quickly by global and industry standards, and that it identified the attack in record time. Even so, the matter is far from resolved, and it is currently still under active investigation by SITA.
It is unknown which, if any, security or government agencies are assisting the investigation, although it stands to reason that SITA has alerted the authorities and that it is collaborating with experts on resolving the matter.
The company concluded by stating that each of the affected airlines has been provided with the details of the attack, including exactly what type(s) of data were compromised, the number of data records stolen within each of the data categories, and the like.