“While we are taking remedial steps to prevent this loss, we urge passengers to change their passwords wherever possible to protect their personal information,” Air India said.
It has been said in this official statement that the data of 4.5 million passengers including Air India passengers has been affected by this cyber attack on SITA. SITA is established in Geneva, Switzerland.
“We would like to inform our valued customers that our Passenger Service System Provider was attacked during the last week of February 2021,” Air India said.
Forensic analysis is being ascertained for how sophisticated this attack has been carried out. SITA confirmed that no unauthorized activity has been recorded in the system’s infrastructure since the incident.
“We are in the meantime in touch with various regulatory agencies in India and abroad, and we have also cautioned them of the liability in this incident,” the airline said.
On the other hand, in respect of credit card data, the airline said that we do not keep CVV/CVC number information under SITA.
On March 25 and April 5, SITA informed Air India about the affected passengers. Air India in association with its service provider is assessing this risk and will share information as soon as updates become available.
Following the incident, the airline has taken these steps – secured tampered servers, brought experts in data security incidents to investigate from outside, spoke to credit card issuers and Air India’s frequent flyer program reset their passwords.