Air India Data Breach: National carrier issues statement on leaked credit card CVV/CVC

In a massive development in India's aviation industry, Air India on Friday confirmed reports of data breach of nearly 4,500,000 individuals during a cyberattack that took place in February this year. The information stored on the passenger service system includes credit card and passport details. However, Air India has assured flyers that their credit card details which involved CVV and CVC have not been compromised as Air India's system processor does not store the CVV/CVC of the credit card.

Air India in its official statement said, "This is to inform that SITA PSS our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers. This incident affected around 4,500,000 data subjects in the world.

"While we had received the first notification in this regard from our data processor on 25.02.2021, we would like to clarify that the identity of the affected data subjects was only provided to us by our data processor on 25.03.2021 and  5.04.2021. The present communication is an effort to apprise of accurate state of facts as on date and to supplement our general announcement of 19th March 2021 initially made via our website,"added Air India. 

The security breach of Air India's SITA PSS data processor, which stores and processes the personal information of passengers, has affected personal data registered between August 2011 and February 2021 (10 years). Details such as name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data (except for passwords), and data of credits cards of several passengers is said to have been compromised by the cyber attack. 

However, Air India in its statement said that measures ensure the safety of data and has begun investigating into the data security incident."Following measures to ensure the safety of data immediately taken-investigating data security incident, securing compromised servers, engaging external specialists of data security incidents,notifying&liaising with credit card issuers, resetting passwords of Air India FFP program," said Air India in its statement as reported by ANI. 

Air India Appeals Passengers To Change Credit Card Password

In its official statement, Air India assured that the national data processor continues to take remedial actions, however for precaution passengers are asked to change their passwords."Further, our data processor has ensured that no abnormal activity was observed after securing the compromised servers. While we and our data processor continue to take remedial actions including but not limited to the above, we would also encourage passengers to change passwords wherever applicable to ensure safety of their personal data. The protection of our customers’ personal data is of highest importance to us and we deeply regret the inconvenience caused and appreciate continued support and trust of our passengers," Air India concluded. 

(Image Credits: PIXABAY)