Air India Hacked and the Data of 4.5 Million Passengers Leaked

• The SITA incident that has affected multiple international airlines has added Air India to the list.
• The Indian flag carrier airline informs the public that 4.5 million passenger data has been leaked.
• Compromised information includes names, DoB, passports, tickets, FFNs, and partial payment info.

Air India, the government-owned airline that serves over 102 domestic and international destinations, has confirmed that it has been affected by the SITA (Société Internationale de Télécommunications Aéronautiques) incident that was disclosed in March. More specifically, Air India was one of the many airlines using SITA’s Passenger Service System, which was compromised by sophisticated actors back in February 2021.

In Air India's case, the actors managed to access and exfiltrate data corresponding to 4.5 million passengers, spanning between August 26, 2011, and February 3, 2021.

The types of data that have been compromised include the following:

• Full names
• Dates of birth
• Contact information
• Passport information
• Ticket information
• Star Alliance and Air India frequent flyer data
• Partial credit card data (no CVV/CVC numbers)

Air India data breached in a major Cyber attack. Breach involves Passengers personal Information including Credit Card Info and Passport Details. Other Global Airlines are likely affected too.#airindia #CyberAttack @airindiain@rahulkanwal @sanket @maryashakil pic.twitter.com/XxUORgInJQ

— Jiten Jain (@jiten_jain) May 21, 2021

In the notification distributed to the exposed customers, Air India also clarifies that no passports were stored in the compromised software. However, registered members are still advised to reset their passwords out of an abundance of caution. For more information on how this incident affects you specifically, you may call 0124-2641415 or send an email to aidata.helpdesk@airindia.in.

SITA’s security lapse has affected many international airlines and their customers, including Lufthansa, Air New Zealand, Singapore Airlines, SAS, Cathway Pacific, Jeju Air, Malaysia Airlines, American Airlines, and Finnair. Considering that the Star Alliance network (which relies on SITA solutions) counts 26 members, there could be more airlines that are still carrying out their internal investigation at the moment.

In general, if you’re a member of a frequent flyer rewards program in any airline, the chances of your details having been compromised are significant. So far, no info about who was behind the SITA hack have been published, so the origin, indicators of compromise, and motivation of the actors remain unknown or simply undisclosed.

Air India is further investigating with the help of external cybersecurity experts and is taking steps to secure the compromised servers for future incidents of this type. If you have received a notice from the airline, reset your password on the platform and anywhere else you could be using the same credentials, treat all incoming communications with care, and report any scamming or phishing attempts against you to the authorities.