Air India Data Breach: What happened?
An unfortunate cyber attack on the servers of Air India has resulted in a colossal data breach. More than 4 million clients have been affected, with their personal information such as full name, date of birth, contact information, passport details, ticket information, frequent flyer data, and credit card data accessed by an unknown third party. If you had registered any data with Air India between August 26, 2011, and February 20, 2021, it is highly likely that your data has also been compromised.
Air India has assured the affected parties that there has been no proof that their data has been mishandled yet. Still, as a cautionary measure, the airlines have also encouraged all their customers to change the passwords of their personal logins after this breach. Air India has promised to have taken steps to ensure the protection if its customers’ data, and that includes: inspecting the data security incident, immediately fortifying the compromised servers, engaging external experts to prevent and prevent similar data breaches, alerting and coordinating with credit card companies, and resetting passwords of Air India Frequent Flyer Program.
Currently, as travel remains suspended owing to the pandemic and lockdowns all over the country, Air India is the only operating domestic flight.
It has also been discovered that clients of Air India may not be the sole victims of this incident. The airline has made an official statement that customers from other airlines have also been subject to this security breach, and they include those who have flown with Cathay Pacific, Lufthansa, Malaysian Airlines, and Singapore Airlines.
In the middle of this, there is also a controversy that Air India is dealing with. The airlines made the unfortunate mistake of informing its customers of such a breach only 1.5 months after it happened. If Air India had informed customers earlier, they could have taken actions to protect their information sooner, thereby preventing any unforeseen unusual activity on their card accounts.
Experts have suggested that it is important for the airlines to place in top priority the notifying of its customers so that they could take preventative steps. Rather than focusing on the investigative aspect alone, Air India must also look at corrective and protective measures. They must be releasing a public announcement, either via e-mails and/or text messages to inform their customers about such a breach with a reminder to change their passwords and credit/debit cards as soon as possible. Even though the damage has been done, such an action from the part of Air India will instil confidence in the minds of their 4 million customers.
Still, despite all of this, experts assure us that there is no need to be alarmed. “There is nothing much a hacker can do just by having a passport number in isolation. If you have safeguarded your email ids, and changed passwords, these measures will go a long way in curbing the steps to hack you,” says Mr. Gogia of Greyhound research.
What Air India has done, thus far, is issue an advisory warning on its official websites recommending their customers to change their password and credit cards as soon as possible. The airline has also made a statement that it is investigating this data breach incident and is taking measures that will safeguard the compromised servers from further attacks.
If you have flown with Air India since August of 2011, remember that your information may be one of those illegally accessed. Change your passwords and replace credit and debit cards. If you receive any unsolicited e‑mails, text messages, or calls from people claiming to be from the bank or the airlines, do NOT give out your personal information.
