Air India has revealed that personal information from an estimated 4.5 million passengers was leaked in a cyber-attack.
The carrier said in a statement that the cybersecurity attack affected its data processor, SITA PSS (Passenger Service System).
The breach involved personal data registered between August 26, 2011, and February 3, 2021,
The airline originally revealed it had been hit by the attack in March.
Details taken included name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data – but no passwords data.
Credit cards information was also taken but CVV/CVC numbers are not held by the airline’s data processor.
The airline said it had secured the compromised servers and was taking remedial action.
It added: “We would also encourage passengers to change passwords wherever applicable to ensure safety of their personal data.
“The protection of our customers’ personal data is of highest importance to us and we deeply regret the inconvenience caused and appreciate continued support and trust of our passengers.”
Gareth Shaw, Which? head of money, said: “Air India customers will understandably be worried that their data has fallen into the hands of hackers who might try to exploit it, so it is vital that the company provides clear and timely updates to victims and supports them in taking steps to protect themselves.
“Anyone concerned they could be affected should be wary of unexpected phone calls, emails or fake ‘customer support’ messages popping up on social media regarding the breach, as scammers might try to take advantage of it. It’s also worth keeping a close eye on bank accounts and credit reports.
“While it looks unlikely that passwords have been stolen in this breach, Air India recommends customers should change their password as a precaution.”