Leak of 4.5 million Air India fliers’ data exposes aerial cyber threats

• The breach affected airline customers who registered between August 2011 – late February 2021
• The leak includes contact information, credit card data, and frequent flier data
• Air India found out about the attack first in February
• India accounted for 7% of all cyber-attacks observed in Asia in 2020

Just as India mulls a new national strategy to strengthen the country’s cybersecurity in March this year, a major cybersecurity attack against the passenger service system of Air India has exposed the data of 4.5 million of its passengers.

The airline said it first learned of the incident on February 25, but only learned the identities of affected passengers on March 25 and May 4. It has, since then, taken several steps since including investigating the incident and securing the compromised servers. It affected customers who registered between August 2011 and late February 2021, Air India said in a statement. 

Compromised data includes customers’ names, date of birth, contact information, passport information, frequent flyer data, and credit card data, although CVV/CVC numbers weren’t included. Passwords weren’t accessed by the hackers, Air India added, although it’s urging all customers to change their passwords as a precaution.

“This is to inform that SITA PSS our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers) had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers,” Air India said in a breach notification sent over the weekend. 

The airline said it has taken steps to ensure data safety, including “investigating the data security incident; securing the compromised servers; engaging external specialists of data security incidents; notifying and liaising with the credit card issuers, and resetting passwords of Air India FFP program.”

Unfortunately, Air India customers are unlikely to be the only victims of the SITA hack. The company told Bleeping Computer in a statement that customers from several airlines were affected, including travelers who flew with Air New Zealand, Cathay Pacific, Finnair, Jeju Air, Lufthansa, Malaysia Airlines, SAS, and Singapore Airlines. “Each affected airline has been provided with the details of the exact type of data that has been compromised, including details of the number of data records within each of the relevant data categories, including some personal data of airline passengers,” it added.

The state of cybersecurity in India

According to the Indian Computer Emergency Response Team (CERT-In), the government agency responsible for tracking and responding to cybersecurity threats, over 313,000 cybersecurity incidents were reported in 2019 alone. Things didn’t get any better in subsequent years, as India reported the second-highest number of cyberattacks after Japan in the Asia-Pacific region in 2020, according to the annual IBM X-Force Threat Intelligence Index. Per this report, India accounted for 7% of all cyber-attacks observed in Asia in 2020.

“Finance and insurance was the top attacked industry in India (60%), followed by manufacturing and professional services,” the report added. Ransomware is the topmost cyberattack threat comprising 23% of the attacks. Sodinokibi (REvil) ransomware alone made minimum profits worth US$123 million, as per the IBM report. Besides this, digital currency and server access attacks also affected Indian companies last year.

Today, India is regarded more as a victim than an aggressor of cybercrime and espionage. Compared with other developed nations, India’s offensive cyber capabilities are nascent — but the motivating factor of an aggressive and expansionist virtual adversary, combined with a very large population educated in technology, suggests it won’t be long before the country catches up, potentially with key allies’ help.

---

---

---

---