National carrier Air India has reported a massive cybersecurity attack, leading to the personal data leak of passengers. The incident has affected around 45 lakh data subjects across the world.
The breach involved personal data registered between 26 August 2011 and 3 February 2021, with details that included name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data as well as credit cards data. However, in respect of his last type of data, CVV/CVC numbers are not held by our data processor.
Among the steps taken to ensure safety of data included investigating the data security incident, securing compromised servers, engaging external specialists of data security incidents, notifying and liaising with credit card issuers, and resetting passwords of Air India FFP program.
Further, our data processor has ensured that no abnormal activity was observed after securing the compromised servers. the airline said, while calling on passengers to change their passwords. The attack is said to have taken place in the last week of February this year.