“We are taking remedial steps to prevent this loss, till then we appeal to the passengers to change their passwords wherever possible to protect their personal information,” AI said.
This official statement said that the data of 4.5 million passengers, including passengers of Air India, has been affected by this cyber attack on SITA. SITA is established in Geneva, Switzerland.
“We want to inform our valued consumers that our passenger service system provider was cyber-attacked in the last week of February 2021,” AI said.
Forensic analysis is being traced to how sophisticatedly this attack has been carried out. SITA confirmed that no unauthorized activity has been recorded in the infrastructure of the system since this incident.
The airline said, “We are in the meantime keeping in touch with various regulatory agencies in India and abroad, and we have also warned them of the obligations of this incident.”
In the context of credit card data, the airline said that we do not keep the information of CVV / CVC number under SITA.
On 25 March and 5 April, SITA informed Air India of the affected passengers. Air India, along with its service provider, is assessing this risk and will share information as soon as the related updates are available.
Following the incident, the airline has taken these steps – securing compromised servers, engaging experts in data security incidents from outside, talking to credit card issuing agencies and for Air India’s Frequent Flyer Program Reset their passwords.