Air India says at least 4.5m passengers have had their data compromised in what it describes as a ‘sophisticated cyber attack’.
The airline was first notified of the breach in February by its passenger service system data processor, SITA, but only disclosed that its passengers were affected last week.
SITA issued a statement about the hack in early March, but did not reveal the scale or which airlines were involved.
It’s now been revealed fellow Star Alliance members Singapore Airlines, New Zealand Air and Lufthansa have all been affected and data registered over a 10-year-period was hacked.
Details including names, passport information and payment details have been compromised, but CVV/CVC numbers and passwords were not accessed, Air India said.
The airline said in a statement: “The breach involved personal data registered between 26 August 2011 and 3 February 2021,with details that included name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data (but no passwords data were affected) as well as credit cards data.
“However, in respect of this last type of data, CVV/CVC numbers are not held by our data processor.”