- This incident affected around 4,500,000 data subjects in the world
- Credit card data was compromised but CVV/CVC numbers were not held by Air India’s data processor
- Air India also said that no passwords were affected
India’s national carrier and largest international airline informed the its customers of a data security breach that took place between August 26, 2011 and February 3, 2021.
Air India has said the personal data of millions of passengers was compromised as the result of a cyberattack. The stolen information included credit card and passport details.
“This incident affected around 4,500,000 data subjects in the world,” Air India said in a statement.
The stolen data included passengers’ names, dates of birth, contacts, passport details, and ticket information.
The credit card data was also compromised, but Air India said that CVV/CVC numbers were “not held by our data processor.”
Air India also said that “no passwords were affected.” It added that “external specialists” had been brought in to help secure the compromised servers.
A number of major airlines, including British Airways and EasyJet, as well as airline service providers, have fallen victim to successful cyberattacks in recent years.
British Airways was fined £20 million ($28 million) by the UK’s data protection regulator last year after the personal information of more than 400,000 customers was stolen.