Massive Air India Data Breach – Complete Case Study

Written By Sambita Panigrahy  
Anuraag Singh
Approved By Anuraag Singh 
Published On April 20th, 2023
Reading Time 4 Minutes Reading

In the earlier post Biggest Data Breaches in India, we’ve discussed about top 9 breaches happened between 2019 and 2021. Here, we’ll dig deeper and understand what exactly happened in Air India Data Breach.

Global events of cyberattacks attempted by sophisticated & state-sponsored hackers have steadily increased in the past couple of years. It is becoming clear that no sector is immune to falling victim to security incidents, not even the airline industry. And, the massive data Breach that the airline company suffered is a shocking example of the same.

Air India formally announced that their servers comprising flyer data between August 2011 and February 2021 are being compromised. 

Known Facts of Air India Data Breach

Air India’s database suffered a security breach and the airline company communicated it in May 2021. The company informed nearly 4.5 million records had been leaked. The data included Name, Contact Information, Date of Birth, Ticket information, Passengers’ Travel Details, Credit Card Data, and Frequent Flyer Details.

However, the company denied the password data being compromised. Also, it claimed that the targeted server did not store any credit card details such as CVV or CVC numbers. 

Media reports about Air India Data Breach reveal that the airline’s data processor, SITA (a Swiss technology company that offers passenger processing and reservation system services) reported the data breach to Air India. As per SITA, the cyber attackers worked for 22 days to gain access to some of the systems.

air india data breach

What’s Air India’s Response to The Security Incident?

As soon as the airline company learned about the breach, they started investigating the cyberattack. And, secured the servers that were compromised. Worked with external security incident response specialists to analyze the matter. Also, connected with credit card issuers to notify them about the incident. And, started the process of resetting passwords for its Frequent Flyer Program.

With regard to the Air India data breach, their officials said, after securing the servers their processors ensured no abnormal activity. In addition to that, the airline company urged the customer to change passwords wherever applicable to ensure the safety of personal data. Further, apologized for the inconvenience that occurred. And, at the same time assured that customers’ personal data protection is their first priority.  

Air India Data Breach- What’s Customers’ Reaction?

Most of the passengers did not take this incident well. One of the Air India flyers sought compensation of 30 lakh terming the data breach as a violation of the right to be forgotten and informational autonomy. 

Further, the airline customer accused the company of knowingly, intentionally, and deliberately leaking personal data and for breach of sensitive information. Then, sent a legal notice to the air carrier company.

What Do Businesses Need To Do to Protect Their Data?

Day by day, the number of cyberattacks is exponentially growing. But, the question is, are organizations taking measure(s) to protect their confidential data, and if they are then is it enough from a security point of view? 

After witnessing Air India Data breach, it’s certain that they do not take sufficient security measures. Taking the advantage of this, hackers manage to gain access to organizational data. Of this, the company not only loses its sensitive data but also faces legal consequences.

That’s why cyber security experts suggest adopting security measures such as SOC and VAPT services. IT experts will help you assess your IT infrastructure to identify vulnerabilities and provide you with the appropriate measures required for your company. 

Further, with these services, businesses can continuously monitor their IT infrastructure and mitigate the chance of cyberattacks beforehand. 

For availing of complete managed cybersecurity services contact our team now.