National carrier Air India has reported a massive cybersecurity attack, leading to the personal data leak of passengers. The incident has affected around 45 lakh data subjects across the world, the airline said.
"The breach involved personal data registered between 26 August 2011 and 3 February 2021, with details that included name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data (but no passwords data were affected) as well as credit cards data. However, in respect of his last type of data, CVV/CVC numbers are not held by our data processor," Air India said in a notification to passengers.
Among the steps taken to ensure safety of data included investigating the data security incident, securing compromised servers, engaging external specialists of data security incidents, notifying and liaising with credit card issuers, and resetting passwords of Air India FFP program, it went on to say.
"Further, our data processor has ensured that no abnormal activity was observed after securing the compromised servers," the airline said, while calling on passengers to change their passwords.
The attack is said to have taken place in the last week of February this year.
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)