In a major state-owned airline carrier Air India data breach, credit card details, passport information and other personal data of 45 lakh passengers was reported to have been hacked. According to the airline, all certain passengers that registered their details on their platform between August 11, 2011 to February 3, 2021 have suffered a data breach in which details such as contact information, ticket information, etc was compromised.
Background
Although data breaches are rare occurrences thanks to increasing cyber awareness and difficult to crack cyber protocols, there have been several instances of hacks reported in the past few years. From Domino’s India to online retail giant BigBasket, to fintech startup MobiKwik to EdTech unicorn Unacademy, all these platforms in the past few years have admitted being vulnerable to cyberattacks.
Details
On May 21, 2021, the state-owned Air India sent emails to its customers saying that the company was subjected to “cybersecurity attack leading to personal data leak of certain passengers including yours.” The company in its statement further added that this incident has affected 4,50,000 data subjects across the world.
Air India data breached in a major Cyber attack. Breach involves Passengers personal Information including Credit Card Info and Passport Details. Other Global Airlines are likely affected too.#airindia #CyberAttack @airindiain@rahulkanwal @sanket @maryashakil pic.twitter.com/XxUORgInJQ
— Jiten Jain (@jiten_jain) May 21, 2021
The company also urged its passengers to change their passwords to ensure that their personal data is safe.
“While we and our data processor continue to take remedial actions…We would also encourage passengers to change passwords wherever applicable to ensure safety of their personal data,”
-the company’s letter in the email said.
Forensic Analysis ongoing to understand scope and sophistication
The airline also shared that the SITA PSS (Passenger Service System) which stores and processes the data of the passengers was attacked. SITA is a Geneva based IT company that provides IT and communication services primarily for air travel companies.
According to Air India, after the breach, a forensic analysis to understand the sophistication level and the scope of the hack was initiated which is still ongoing. SITA on the other hand has confirmed that no unauthorized activity was registered by the system.
Steps taken by Air India after data breach
Meanwhile Air India confirmed working with several regulatory agencies in India and across the world and have informed them about the breach as required. Further, Air India has also taken several steps after the breach was reported.
The company secured the compromised servers so that no further vulnerabilities can be detected, brought on board external cyber specialists, started working in liaison with credit card companies and have reset the passwords for passengers that are part of the Air India frequent flyer program.
81% of IT companies suffered data breach in one year: Report
In a new report by cybersecurity firm Barracuda Networks, 81% of the companies according to survey admitted to have suffered data breach in one year. Barracuda Networks said that most Indian companies suffered breach due to zero-day vulnerabilities and security loopholes in their web applications.
The survey conducted included replies from 100 key security decision makers that are responsible for a company’s cybersecurity.
BigBasket falls prey to hackers; Data of 20 million people on sale
The number falls in lines with several reports of companies suffering from data breach. Earlier this year in April, 2021, online grocery platform BigBasket suffered from data breach that resulted in data of 20 million customers being put at sale on the dark web.
This data included personal information such as complete names, email IDs, password hashes, contact information, IP addresses of where the user was using the platform from. The hackers allegedly put all this information for sale on Dark Web for $40,000.
Domino’s India data compromised
Earlier in the same month, hackers took to forums announcing that they breached into the servers of Domino’s India and were able to get access to 13 terabytes of data that contained both employee and customer data. The incident was alarming as it was later announced that the hackers also got their hands on over 1 million credit card information.
Also Read: Domino’s information reportedly leaked on the dark web
Data of 110 million users of MobiKwik in the hands of hackers
This year, fintech giant MobiKwik also suffered a major data breach in which data of over 110 million users was put on sale on the dark web. This data included the details of KYC documents such as PAN card, Aadhar Card, along with other information like credit card details.
Also Read: MobiKwik data breach leaves 99 million phone passwords, addresses and other data vulnerable