National carrier Air India has recently flagged a cyber attack on its servers and has notified its passengers of a data breach that had occurred in February at the SITA passenger service system. Air India’s leaked customer database exposed registered personal details of about 4.5 Million passengers. Data subjects included PIIs such as: name, date of birth, contact contact information, passport information, ticket information, Star Alliance frequent flyer data and credit card details. But Air India said neither CVV/CVC numbers associated with the credit cards nor passwords were affected. This is the second major airline data breach in the last six months after IndiGo got breached last December.
Supply Chain Breach: More about SITA
SITA is a Switzerland-based technology company specialising in air transport communications and information technology. The company was started by 11 member airlines and now has over 2,500 customers in more than 200 countries, claiming to serve around 90% of the global airline business. SITA is the data processor of Air India’s Passenger Processing Service (PSS) and is responsible for storing and processing the personal information of its customers. Air India had entered into a deal with SITA in 2017 to upgrade its IT infrastructure to enable it to join Star Alliance. At Air India, SITA also implemented an online booking engine, departure control system, check-in and automated boarding control, baggage reconciliation system and the frequent flyer programme.
SITA disclosed it suffered a “highly sophisticated attack” on its servers located in Atlanta, leading to a compromise of passenger data stored in its PSS system. Although Air India had received the first notification in this regard from their data processor on 25.02.2021, however, the identity of the affected data subjects were disclosed by their data processor on 25.03.2021 and 5.04.2021. Air India said no subsequent unauthorised activity had been detected.
Air India: Incident Response
In modern IT Supply Chain attacks, there is a constant need to monitor the potential risks across a vast ecosystem that includes: vector-associated DNS management, cloud providers, web properties, encryption, certificates and mobile infrastructures. Unfortunately, the modern IT organization is not prepared to monitor, let alone manage a risk of such high severity. Hackers and malicious actors can easily penetrate through the defense mechanisms placed in such environments, making them extremely vulnerable. When there is a lack of clearly defined oversight and management processes, hackers are able to operate freely and inflict significantly more damage.
Following the incident, Air India said it took a number of steps to investigate the key elements of the sophisticated attack and remediate the issue. These include:
- Securing the compromised servers
- Engaging external data security specialists
- Contacting the credit card issuers and advising them to reset the passwords of Air India frequent flyer programmes
- Emailing it’s customers to inform them about the severity of the data breach.
While Air India assured its passengers that there was no evidence of any “misuse” of the data, it said it was in talks with regulatory agencies in India and overseas and also advised the passengers to change their passwords wherever applicable to thwart potential unauthorized attempts and ensure the safety of their personal data.
With the latest development, Air India joins a long list of airlines, such as Lufthansa, Cathay Pacific, Air New Zealand, Singapore Airlines, Scandinavian Airlines (SAS), Finnair, Malaysia Airlines, South Korea’s Jeju Air, American Airlines, and United Airlines that have been impacted by data security incidents in the past.
For more information, you can contact: email id email@example.com, or call on 01242641415 or visit the website www.airindia.in, Air India said in its communique to the affected passengers. Air India is only operating domestic flights as international travel remains suspended owing to the coronavirus disease (Covid-19) pandemic.